Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,261
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 361 - 380 of 1,573 CVEs

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Jun 01, 2026
Source: NVD
CVE-2026-5419 LOW - 3.7

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of in...

Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2.

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2.

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and ...

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-end ...

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by defau...

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This is...

Vendor: nextcloud
Product: security-advisories
Published: Jun 01, 2026
Source: NVD

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made available...

Vendor: janet-lang
Product: janet
Published: Jun 01, 2026
Source: NVD

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. ...

Vendor: janet-lang
Product: janet
Published: Jun 01, 2026
Source: NVD

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly di...

Vendor: lharries
Product: whatsapp-mcp
Published: Jun 01, 2026
Source: NVD

kas checks out SHA-like git branches as valid commits

Vendor: pip
Product: kas
Published: Jun 01, 2026
Source: GitHub

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched r...

Vendor: SourceCodester
Product: Pharmacy Sales and Inventory System
Published: Jun 01, 2026
Source: NVD

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of the argument medicine_presentation leads to cross site scripting. The attack m...

Vendor: SourceCodester
Product: Pharmacy Sales and Inventory System
Published: Jun 01, 2026
Source: NVD

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipulation of the argument company_name can lead to cross site scripting. The attack can be launched remot...

Vendor: SourceCodester
Product: Pharmacy Sales and Inventory System
Published: Jun 01, 2026
Source: NVD

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/main. Performing a manipulation of the argument medicine_name results in cross site scripting. The at...

Vendor: SourceCodester
Product: Pharmacy Sales and Inventory System
Published: Jun 01, 2026
Source: NVD

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying th...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Jun 01, 2026
Source: NVD

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other Da...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Jun 01, 2026
Source: NVD

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be use...

Vendor: Mettle
Product: sendportal
Published: Jun 01, 2026
Source: NVD

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to ...

Product: Assimp
Published: Jun 01, 2026
Source: NVD