Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23503
Total
1676
Critical
7379
High
7473
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21369 | MEDIUM | 5.3 | Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification. | Jul 06, 2026 |
| CVE-2026-21368 | MEDIUM | 5.3 | Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks. | Jul 06, 2026 |
| CVE-2026-14471 | HIGH | 8.1 | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute … | Jul 06, 2026 |
| CVE-2026-14468 | HIGH | 7.7 | HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on … | Jul 06, 2026 |
| CVE-2025-59617 | MEDIUM | 6.6 | Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input. | Jul 06, 2026 |
| CVE-2025-59616 | MEDIUM | 6.6 | Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory. | Jul 06, 2026 |
| CVE-2025-59615 | MEDIUM | 6.6 | Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization. | Jul 06, 2026 |
| CVE-2026-59089 | MEDIUM | 5.5 | A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table … | Jul 06, 2026 |
| CVE-2026-58404 | UNKNOWN | — | Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the … | Jul 06, 2026 |
| CVE-2026-58403 | UNKNOWN | — | Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the … | Jul 06, 2026 |
| CVE-2026-58402 | UNKNOWN | — | Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" … | Jul 06, 2026 |
| CVE-2026-55646 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize … | Jul 06, 2026 |
| CVE-2026-53763 | LOW | 3.8 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-50134 | UNKNOWN | — | Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate … | Jul 06, 2026 |
| CVE-2026-50133 | UNKNOWN | — | Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically … | Jul 06, 2026 |
| CVE-2026-44362 | MEDIUM | 5.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-42546 | LOW | 3.8 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-41516 | LOW | 2.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-41515 | LOW | 2.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-41514 | LOW | 2.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jul 06, 2026 |
| CVE-2026-14898 | MEDIUM | 6.5 | The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in … | Jul 06, 2026 |
| CVE-2026-14536 | UNKNOWN | — | Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy … | Jul 06, 2026 |
| CVE-2026-11405 | UNKNOWN | — | The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path … | Jul 06, 2026 |
| CVE-2026-9182 | MEDIUM | 5.3 | ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful … | Jul 06, 2026 |
| CVE-2026-9181 | CRITICAL | 9.8 | ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to … | Jul 06, 2026 |