Total CVEs

144,269

Critical Severity

4,162

High Severity

14,979

Last 7 Days

1,663
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 3,601 - 3,620 of 40,674 CVEs
CVE-2026-8451 HIGH - 7.5

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Vendor: citrix
Product: netscaler_application_delivery_controller
Published: Jun 30, 2026
Source: NVD
CVE-2026-8403 MEDIUM - 6.1

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0.  NOTE: The vendor was conta...

Published: Jun 30, 2026
Source: NVD
CVE-2026-6556 CRITICAL - 9.1

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressions) are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms does...

Vendor: fastify
Product: fastify\/express
Published: Jun 30, 2026
Source: NVD
CVE-2026-58374 MEDIUM - 6.5

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelem...

Vendor: w1.fi
Product: hostapd
Published: Jun 30, 2026
Source: NVD
CVE-2026-58116 CRITICAL - 9.8

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoToken...

Vendor: hiyouga
Product: LlamaFactory
Published: Jun 30, 2026
Source: NVD
CVE-2026-58016 HIGH - 7.5

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property&g...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58015 MEDIUM - 5.9

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client t...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58014 HIGH - 7.3

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boun...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58013 MEDIUM - 6.5

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 by...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58012 MEDIUM - 6.5

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the ...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58011 MEDIUM - 6.5

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic er...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-58010 MEDIUM - 6.5

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor inf...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-53433 HIGH - 7.5

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessi...

Vendor: fzf
Product: fzf
Published: Jun 30, 2026
Source: NVD
CVE-2026-53432 HIGH - 7.5

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverab...

Vendor: fzf
Product: fzf
Published: Jun 30, 2026
Source: NVD
CVE-2026-4629 MEDIUM - 6.5

A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resu...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 30, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 30, 2026
Source: NVD
CVE-2026-44946 HIGH - 7.4

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Vendor: SUSE
Product: Rancher
Published: Jun 30, 2026
Source: NVD
CVE-2026-14209 MEDIUM - 4.3

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can ...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat JBoss Enterprise Application Platform Expansion Pack
Published: Jun 30, 2026
Source: NVD
CVE-2026-13474 HIGH - 7.5

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-12388 MEDIUM - 6.5

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Ro...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Jun 30, 2026
Source: NVD