Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,636
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 5,121 - 5,140 of 37,942 CVEs
CVE-2025-7018 MEDIUM - 5.5

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

Published: Jun 12, 2026
Source: NVD
CVE-2025-7017 HIGH - 7.8

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.5...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7011 HIGH - 7.8

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7010 MEDIUM - 5.5

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and ...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7009 HIGH - 7.8

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on ...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7008 HIGH - 7.8

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Bus...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7006 MEDIUM - 5.5

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux f...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7005 MEDIUM - 5.5

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7004 HIGH - 7.8

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on...

Published: Jun 12, 2026
Source: NVD
CVE-2025-7003 HIGH - 7.8

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.

Published: Jun 12, 2026
Source: NVD
CVE-2025-7002 HIGH - 7.8

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.

Published: Jun 12, 2026
Source: NVD

Rejected reason: This candidate was issued in error.

Published: Jun 12, 2026
Source: NVD
CVE-2026-54091 HIGH - 7.5

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Jun 12, 2026
Source: GitHub

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslash...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Jun 12, 2026
Source: GitHub
CVE-2026-54094 MEDIUM - 6.8

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a scope...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Jun 12, 2026
Source: GitHub
CVE-2026-54092 HIGH - 6.5

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testin...

Vendor: go
Product: github.com/filebrowser/filebrowser/v2
Published: Jun 12, 2026
Source: GitHub

A vulnerability in MISPโ€™s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an eventโ€™s sharing_group_id to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the n...

Vendor: misp
Product: misp
Published: Jun 12, 2026
Source: NVD

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.user_id value from the submitted request data. An authenticated user with permis...

Vendor: misp
Product: misp
Published: Jun 12, 2026
Source: NVD

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a craf...

Vendor: misp
Product: misp
Published: Jun 12, 2026
Source: NVD

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/ directo...

Vendor: misp
Product: misp
Published: Jun 12, 2026
Source: NVD