Total CVEs

145,959

Critical Severity

4,294

High Severity

15,797

Last 7 Days

2,215
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,301 - 6,320 of 42,364 CVEs
CVE-2026-54821 HIGH - 7.4

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

Vendor: Bootstrapped Ventures
Product: Visual Link Preview
Published: Jun 25, 2026
Source: NVD
CVE-2026-52690 MEDIUM - 5.9

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-4526 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-49506 HIGH - 7.2

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

Vendor: Dell
Product: Wyse Management Suite
Published: Jun 25, 2026
Source: NVD
CVE-2026-47154 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. ...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47153 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47152 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47151 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cl...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47150 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IA...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47149 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices ...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47148 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Onl...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47147 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47146 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47145 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-46734 HIGH - 7.3

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-46733 HIGH - 7.8

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-46732 MEDIUM - 6.7

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to E...

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-42390 MEDIUM - 5.3

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-42389 MEDIUM - 5.3

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-42388 MEDIUM - 5.9

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD