Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23657
Total
1684
Critical
7428
High
7547
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54887 | UNKNOWN | — | Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. … | Jul 02, 2026 |
| CVE-2026-54886 | UNKNOWN | — | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently … | Jul 02, 2026 |
| CVE-2026-53422 | UNKNOWN | — | Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the … | Jul 02, 2026 |
| CVE-2026-50282 | UNKNOWN | — | Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an … | Jul 02, 2026 |
| CVE-2026-50281 | UNKNOWN | — | Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An … | Jul 02, 2026 |
| CVE-2026-44935 | CRITICAL | 9.9 | Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 … | Jul 02, 2026 |
| CVE-2024-58352 | HIGH | 7.5 | Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the … | Jul 02, 2026 |
| CVE-2024-14037 | CRITICAL | 9.8 | Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob … | Jul 02, 2026 |
| CVE-2022-50973 | CRITICAL | 9.8 | Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a … | Jul 02, 2026 |
| CVE-2026-58455 | CRITICAL | 9.8 | Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after … | Jul 02, 2026 |
| CVE-2026-44941 | HIGH | 8.4 | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious … | Jul 02, 2026 |
| CVE-2026-9272 | UNKNOWN | — | In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the … | Jul 02, 2026 |
| CVE-2026-8079 | UNKNOWN | — | In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation … | Jul 02, 2026 |
| CVE-2026-56842 | HIGH | 7.5 | A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist … | Jul 02, 2026 |
| CVE-2026-56841 | HIGH | 8.8 | A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate … | Jul 02, 2026 |
| CVE-2026-56004 | CRITICAL | 10.0 | A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a … | Jul 02, 2026 |
| CVE-2026-55119 | HIGH | 8.1 | A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate … | Jul 02, 2026 |
| CVE-2026-55118 | HIGH | 8.3 | A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application … | Jul 02, 2026 |
| CVE-2026-55117 | HIGH | 8.6 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host … | Jul 02, 2026 |
| CVE-2026-55116 | CRITICAL | 9.0 | A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running … | Jul 02, 2026 |
| CVE-2026-55115 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges … | Jul 02, 2026 |
| CVE-2026-55114 | HIGH | 8.8 | A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate … | Jul 02, 2026 |
| CVE-2026-55113 | HIGH | 7.5 | A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial … | Jul 02, 2026 |
| CVE-2026-55112 | HIGH | 7.5 | A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi … | Jul 02, 2026 |
| CVE-2026-55111 | HIGH | 7.5 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the … | Jul 02, 2026 |