Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22796
Total
1628
Critical
7094
High
7273
Medium
CVE ID Severity Score Description Published
CVE-2026-15518 MEDIUM 4.7 A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of … Jul 13, 2026
CVE-2026-15517 HIGH 7.3 A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument … Jul 13, 2026
CVE-2026-15516 MEDIUM 5.6 A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The … Jul 13, 2026
CVE-2026-15515 HIGH 7.0 A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk … Jul 13, 2026
CVE-2026-15514 HIGH 7.3 A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the … Jul 13, 2026
CVE-2026-15513 MEDIUM 6.3 A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument … Jul 13, 2026
CVE-2026-15512 MEDIUM 6.3 A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component … Jul 13, 2026
CVE-2026-15511 CRITICAL 9.8 A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the … Jul 12, 2026
CVE-2026-15510 MEDIUM 6.3 A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The … Jul 12, 2026
CVE-2026-15509 MEDIUM 6.3 A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument … Jul 12, 2026
CVE-2026-15508 MEDIUM 6.3 A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata … Jul 12, 2026
CVE-2026-15507 MEDIUM 6.3 A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy … Jul 12, 2026
CVE-2026-15506 HIGH 7.8 A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the … Jul 12, 2026
CVE-2026-15505 LOW 3.5 A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. … Jul 12, 2026
CVE-2026-10668 LOW 2.4 The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot … Jul 12, 2026
CVE-2026-10667 HIGH 7.8 Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over this list in k_object_wordlist_foreach() was performed … Jul 12, 2026
CVE-2026-10666 HIGH 8.1 parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN + … Jul 12, 2026
CVE-2026-10665 HIGH 7.4 In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG_WIREGUARD_BUF_LEN bytes before decryption. The call … Jul 12, 2026
CVE-2026-10664 MEDIUM 5.0 The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_event_power_save_info event into the fixed-size twt_flows[WIFI_MAX_TWT_FLOWS] … Jul 12, 2026
CVE-2026-10663 MEDIUM 6.1 In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx->root. The bus removal handler … Jul 12, 2026
CVE-2026-58596 HIGH 8.3 Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. Jul 12, 2026
CVE-2026-15502 MEDIUM 6.3 A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The … Jul 12, 2026
CVE-2026-15501 MEDIUM 6.3 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of … Jul 12, 2026
CVE-2026-61876 HIGH 8.8 LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send … Jul 12, 2026
CVE-2026-61875 HIGH 8.8 luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious … Jul 12, 2026