Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30906 | HIGH | 7.8 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege … | May 13, 2026 |
| CVE-2026-30905 | HIGH | 7.8 | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to … | May 13, 2026 |
| CVE-2026-30904 | LOW | 1.8 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. | May 13, 2026 |
| CVE-2026-22677 | MEDIUM | 6.5 | Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary … | May 13, 2026 |
| CVE-2026-0262 | UNKNOWN | — | Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) … | May 13, 2026 |
| CVE-2026-0261 | UNKNOWN | — | Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root … | May 13, 2026 |
| CVE-2026-0259 | UNKNOWN | — | An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary … | May 13, 2026 |
| CVE-2026-0258 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to … | May 13, 2026 |
| CVE-2026-0257 | UNKNOWN | — | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an … | May 13, 2026 |
| CVE-2026-0256 | UNKNOWN | — | A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web … | May 13, 2026 |
| CVE-2026-0251 | UNKNOWN | — | Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows … | May 13, 2026 |
| CVE-2026-0250 | UNKNOWN | — | A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and … | May 13, 2026 |
| CVE-2026-0249 | UNKNOWN | — | Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This … | May 13, 2026 |
| CVE-2026-0248 | UNKNOWN | — | An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to … | May 13, 2026 |
| CVE-2026-0247 | UNKNOWN | — | Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations. | May 13, 2026 |
| CVE-2026-0246 | UNKNOWN | — | A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges … | May 13, 2026 |
| CVE-2026-0245 | UNKNOWN | — | Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, … | May 13, 2026 |
| CVE-2026-0244 | UNKNOWN | — | An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller. | May 13, 2026 |
| CVE-2026-0242 | UNKNOWN | — | A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow … | May 13, 2026 |
| CVE-2026-0241 | UNKNOWN | — | Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources. | May 13, 2026 |
| CVE-2026-0240 | UNKNOWN | — | An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue … | May 13, 2026 |
| CVE-2026-0239 | UNKNOWN | — | An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information. | May 13, 2026 |
| CVE-2026-0238 | UNKNOWN | — | A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields. | May 13, 2026 |
| CVE-2026-0236 | UNKNOWN | — | A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated … | May 13, 2026 |
| CVE-2026-0235 | UNKNOWN | — | A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies. | May 13, 2026 |