Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15520 | MEDIUM | 5.3 | A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a … | Jul 13, 2026 |
| CVE-2026-15519 | MEDIUM | 5.0 | A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system_prompt.jinja of the component PyPI Handler. Performing … | Jul 13, 2026 |
| CVE-2026-15551 | MEDIUM | 5.5 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects . | Jul 13, 2026 |
| CVE-2026-15518 | MEDIUM | 4.7 | A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of … | Jul 13, 2026 |
| CVE-2026-15517 | HIGH | 7.3 | A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument … | Jul 13, 2026 |
| CVE-2026-15516 | MEDIUM | 5.6 | A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The … | Jul 13, 2026 |
| CVE-2026-15515 | HIGH | 7.0 | A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk … | Jul 13, 2026 |
| CVE-2026-15514 | HIGH | 7.3 | A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the … | Jul 13, 2026 |
| CVE-2026-15513 | MEDIUM | 6.3 | A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument … | Jul 13, 2026 |
| CVE-2026-15512 | MEDIUM | 6.3 | A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component … | Jul 13, 2026 |
| CVE-2026-15511 | CRITICAL | 9.8 | A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the … | Jul 12, 2026 |
| CVE-2026-15510 | MEDIUM | 6.3 | A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The … | Jul 12, 2026 |
| CVE-2026-15509 | MEDIUM | 6.3 | A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument … | Jul 12, 2026 |
| CVE-2026-15508 | MEDIUM | 6.3 | A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata … | Jul 12, 2026 |
| CVE-2026-15507 | MEDIUM | 6.3 | A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy … | Jul 12, 2026 |
| CVE-2026-15506 | HIGH | 7.8 | A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the … | Jul 12, 2026 |
| CVE-2026-15505 | LOW | 3.5 | A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. … | Jul 12, 2026 |
| CVE-2026-10668 | LOW | 2.4 | The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot … | Jul 12, 2026 |
| CVE-2026-10667 | HIGH | 7.8 | Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over this list in k_object_wordlist_foreach() was performed … | Jul 12, 2026 |
| CVE-2026-10666 | HIGH | 8.1 | parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN + … | Jul 12, 2026 |
| CVE-2026-10665 | HIGH | 7.4 | In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG_WIREGUARD_BUF_LEN bytes before decryption. The call … | Jul 12, 2026 |
| CVE-2026-10664 | MEDIUM | 5.0 | The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_event_power_save_info event into the fixed-size twt_flows[WIFI_MAX_TWT_FLOWS] … | Jul 12, 2026 |
| CVE-2026-10663 | MEDIUM | 6.1 | In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx->root. The bus removal handler … | Jul 12, 2026 |
| CVE-2026-58596 | HIGH | 8.3 | Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. | Jul 12, 2026 |
| CVE-2026-15502 | MEDIUM | 6.3 | A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The … | Jul 12, 2026 |