Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,623
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 3,541 - 3,560 of 40,623 CVEs

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where pa...

Vendor: KTM System
Product: e-BOK
Published: Jun 30, 2026
Source: NVD

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.

Vendor: KTM System
Product: e-BOK
Published: Jun 30, 2026
Source: NVD

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the attac...

Vendor: KTM System
Product: e-BOK
Published: Jun 30, 2026
Source: NVD

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. T...

Vendor: KTM System
Product: e-BOK
Published: Jun 30, 2026
Source: NVD
CVE-2026-14241 CRITICAL - 9.8

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4.

Vendor: Mozilla
Product: Firefox
Published: Jun 30, 2026
Source: NVD
CVE-2026-14178 MEDIUM - 5.9

openGauss 在处理带 NLS 参数的 to_timestamp 调用时,to_timestamp_with_fmt_nls() 会将 nls_fmt_str 保存到 u_sess->parser_cxt.nls_fmt_str。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestamp_out() 仍会通过 CheckNlsFormat() 访问 u_sess->parser_cxt.nls_fmt_str,导致访问已释放内存。攻击者在...

Vendor: openGauss-server
Product: openGauss-server-7.0.0-RC2, openGauss-server-7.0.0-RC1, openGauss-server-7.0.0-RC3
Published: Jun 30, 2026
Source: NVD
CVE-2025-53648 MEDIUM - 5.4

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Vendor: apache
Product: gravitino
Published: Jun 30, 2026
Source: NVD
CVE-2026-8655 CRITICAL - 9.8

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive ...

Vendor: citrix
Product: netscaler_application_delivery_controller
Published: Jun 30, 2026
Source: NVD
CVE-2026-8452 CRITICAL - 9.8

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

Vendor: citrix
Product: netscaler_application_delivery_controller
Published: Jun 30, 2026
Source: NVD
CVE-2026-8451 HIGH - 7.5

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Vendor: citrix
Product: netscaler_application_delivery_controller
Published: Jun 30, 2026
Source: NVD
CVE-2026-8403 MEDIUM - 6.1

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0.  NOTE: The vendor was conta...

Published: Jun 30, 2026
Source: NVD
CVE-2026-6556 CRITICAL - 9.1

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressions) are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms does...

Vendor: fastify
Product: fastify\/express
Published: Jun 30, 2026
Source: NVD
CVE-2026-58374 MEDIUM - 6.5

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelem...

Vendor: w1.fi
Product: hostapd
Published: Jun 30, 2026
Source: NVD
CVE-2026-58116 CRITICAL - 9.8

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoToken...

Vendor: hiyouga
Product: LlamaFactory
Published: Jun 30, 2026
Source: NVD
CVE-2026-58016 HIGH - 7.5

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property&g...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58015 MEDIUM - 5.9

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client t...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58014 HIGH - 7.3

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boun...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58013 MEDIUM - 6.5

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 by...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58012 MEDIUM - 6.5

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the ...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58011 MEDIUM - 6.5

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic er...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD