Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,515
Quick preset (or use dates below)
Clear Filters
Showing 1,281 - 1,300 of 143,749 CVEs

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-54637. Reason: This candidate is a duplicate of CVE-2026-54637. Notes: All CVE users should reference CVE-2026-54637 instead of this candidate.

Published: Jul 06, 2026
Source: NVD
CVE-2026-54234 HIGH - 7.5

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted ...

Vendor: vllm-project
Product: vllm
Published: Jul 06, 2026
Source: NVD
CVE-2026-48267 MEDIUM - 5.5

DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires...

Vendor: Adobe
Product: DNG SDK
Published: Jul 06, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and cred...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jul 06, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the paymen...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jul 06, 2026
Source: NVD
CVE-2026-34038 CRITICAL - 9.9

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and...

Vendor: coollabsio
Product: coolify
Published: Jul 06, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the `Massmailer` module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing untrus...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jul 06, 2026
Source: NVD
CVE-2026-25271 HIGH - 7.8

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-25268 HIGH - 8.8

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21384 MEDIUM - 5.3

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21383 HIGH - 7.1

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21379 HIGH - 7.8

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21370 MEDIUM - 5.3

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21369 MEDIUM - 5.3

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21368 MEDIUM - 5.3

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-14471 HIGH - 8.1

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in i...

Vendor: AWS
Product: MCP Gateway & Registry
Published: Jul 06, 2026
Source: NVD
CVE-2026-14468 HIGH - 7.7

HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in a...

Vendor: HashiCorp
Product: Terraform Enterprise
Published: Jul 06, 2026
Source: NVD
CVE-2025-59617 MEDIUM - 6.6

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2025-59616 MEDIUM - 6.6

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2025-59615 MEDIUM - 6.6

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD