Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15187 | MEDIUM | 4.3 | A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of … | Jul 09, 2026 |
| CVE-2026-11404 | HIGH | 7.5 | Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello … | Jul 09, 2026 |
| CVE-2025-58151 | UNKNOWN | — | varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving … | Jul 09, 2026 |
| CVE-2025-58146 | UNKNOWN | — | There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the … | Jul 09, 2026 |
| CVE-2025-27464 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … | Jul 09, 2026 |
| CVE-2025-27463 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … | Jul 09, 2026 |
| CVE-2025-27462 | UNKNOWN | — | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to … | Jul 09, 2026 |
| CVE-2026-60109 | HIGH | 7.5 | Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending … | Jul 09, 2026 |
| CVE-2026-60108 | HIGH | 7.5 | Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a … | Jul 09, 2026 |
| CVE-2026-5005 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored … | Jul 09, 2026 |
| CVE-2026-56292 | UNKNOWN | — | A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. | Jul 09, 2026 |
| CVE-2026-54801 | HIGH | 7.2 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient … | Jul 09, 2026 |
| CVE-2026-54800 | MEDIUM | 4.8 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with … | Jul 09, 2026 |
| CVE-2026-54799 | MEDIUM | 6.7 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a … | Jul 09, 2026 |
| CVE-2026-54798 | MEDIUM | 6.5 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a … | Jul 09, 2026 |
| CVE-2026-60095 | MEDIUM | 6.5 | Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers … | Jul 09, 2026 |
| CVE-2026-60094 | MEDIUM | 6.5 | Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by … | Jul 09, 2026 |
| CVE-2026-4256 | HIGH | 8.2 | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: … | Jul 09, 2026 |
| CVE-2026-15186 | MEDIUM | 6.3 | A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The … | Jul 09, 2026 |
| CVE-2026-15185 | LOW | 3.3 | A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the … | Jul 09, 2026 |
| CVE-2026-14261 | CRITICAL | 9.1 | A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall … | Jul 09, 2026 |
| CVE-2026-12879 | UNKNOWN | — | An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to … | Jul 09, 2026 |
| CVE-2026-12593 | UNKNOWN | — | The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another … | Jul 09, 2026 |
| CVE-2026-12116 | CRITICAL | 9.8 | A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to … | Jul 09, 2026 |
| CVE-2026-15184 | LOW | 3.3 | A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG … | Jul 09, 2026 |