Total CVEs

145,992

Critical Severity

4,294

High Severity

15,807

Last 7 Days

2,239
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 6,341 - 6,360 of 42,397 CVEs
CVE-2026-47151 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cl...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47150 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IA...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47149 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices ...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47148 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Onl...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47147 HIGH - 7.1

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network...

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47146 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-47145 MEDIUM - 6.5

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Vendor: silabs
Product: emberznet
Published: Jun 25, 2026
Source: NVD
CVE-2026-46734 HIGH - 7.3

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-46733 HIGH - 7.8

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-46732 MEDIUM - 6.7

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to E...

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD
CVE-2026-42390 MEDIUM - 5.3

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-42389 MEDIUM - 5.3

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-42388 MEDIUM - 5.9

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-42387 MEDIUM - 5.9

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD
CVE-2026-41120 CRITICAL - 9.8

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

Vendor: Dell
Product: Wyse Management Suite
Published: Jun 25, 2026
Source: NVD
CVE-2026-40012 MEDIUM - 5.3

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

Vendor: PowerDNS
Product: Recursor
Published: Jun 25, 2026
Source: NVD

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Published: Jun 25, 2026
Source: NVD
CVE-2026-27366 HIGH - 7.5

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Vendor: MainWP
Product: MainWP Child
Published: Jun 25, 2026
Source: NVD

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 chall...

Vendor: Devolutions
Product: Server
Published: Jun 25, 2026
Source: NVD

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Vendor: PowerDNS
Product: DNSdist
Published: Jun 25, 2026
Source: NVD