Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-15187 MEDIUM 4.3 A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of … Jul 09, 2026
CVE-2026-11404 HIGH 7.5 Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello … Jul 09, 2026
CVE-2025-58151 UNKNOWN varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving … Jul 09, 2026
CVE-2025-58146 UNKNOWN There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the … Jul 09, 2026
CVE-2025-27464 UNKNOWN [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … Jul 09, 2026
CVE-2025-27463 UNKNOWN [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … Jul 09, 2026
CVE-2025-27462 UNKNOWN [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … Jul 09, 2026
CVE-2026-60109 HIGH 7.5 Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending … Jul 09, 2026
CVE-2026-60108 HIGH 7.5 Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a … Jul 09, 2026
CVE-2026-5005 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored … Jul 09, 2026
CVE-2026-56292 UNKNOWN A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. Jul 09, 2026
CVE-2026-54801 HIGH 7.2 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient … Jul 09, 2026
CVE-2026-54800 MEDIUM 4.8 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with … Jul 09, 2026
CVE-2026-54799 MEDIUM 6.7 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a … Jul 09, 2026
CVE-2026-54798 MEDIUM 6.5 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a … Jul 09, 2026
CVE-2026-60095 MEDIUM 6.5 Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers … Jul 09, 2026
CVE-2026-60094 MEDIUM 6.5 Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by … Jul 09, 2026
CVE-2026-4256 HIGH 8.2 Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: … Jul 09, 2026
CVE-2026-15186 MEDIUM 6.3 A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The … Jul 09, 2026
CVE-2026-15185 LOW 3.3 A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the … Jul 09, 2026
CVE-2026-14261 CRITICAL 9.1 A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall … Jul 09, 2026
CVE-2026-12879 UNKNOWN An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to … Jul 09, 2026
CVE-2026-12593 UNKNOWN The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another … Jul 09, 2026
CVE-2026-12116 CRITICAL 9.8 A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to … Jul 09, 2026
CVE-2026-15184 LOW 3.3 A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG … Jul 09, 2026