Total CVEs

145,438

Critical Severity

4,245

High Severity

15,631

Last 7 Days

2,408
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 4,781 - 4,800 of 41,843 CVEs
CVE-2026-58010 MEDIUM - 6.5

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor inf...

Vendor: GNOME, Red Hat
Product: GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 30, 2026
Source: NVD
CVE-2026-53433 HIGH - 7.5

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessi...

Vendor: fzf
Product: fzf
Published: Jun 30, 2026
Source: NVD
CVE-2026-53432 HIGH - 7.5

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverab...

Vendor: fzf
Product: fzf
Published: Jun 30, 2026
Source: NVD
CVE-2026-4629 MEDIUM - 6.5

A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resu...

Vendor: redhat
Product: build_of_keycloak
Published: Jun 30, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 30, 2026
Source: NVD
CVE-2026-44946 HIGH - 7.4

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,

Vendor: SUSE
Product: Rancher
Published: Jun 30, 2026
Source: NVD
CVE-2026-14209 MEDIUM - 4.3

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can ...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat JBoss Enterprise Application Platform Expansion Pack
Published: Jun 30, 2026
Source: NVD
CVE-2026-13474 HIGH - 7.5

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-12388 MEDIUM - 6.5

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Ro...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Jun 30, 2026
Source: NVD
CVE-2026-10817 HIGH - 7.5

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-10816 HIGH - 7.5

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-8402 CRITICAL - 9.8

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.  NOTE: The vendor ...

Published: Jun 30, 2026
Source: NVD
CVE-2026-57082 MEDIUM - 5.9

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl's rand(), a non-cryptographic drand48-class generator seeded once pe...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57081 HIGH - 7.5

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57080 HIGH - 7.5

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receive_data appends every inbound byte to t...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57079 MEDIUM - 5.3

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path (_on_metadata_received, reached from the B...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upl...

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allow...

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD
CVE-2026-41053 HIGH - 8.8

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Vendor: SUSE
Product: Rancher
Published: Jun 30, 2026
Source: NVD