Latest CVEs

Monitoring global CVE publications.

CVE-2026-50266
CVSS: 2.2
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value beginning with "network:" (for example "network:dhcp"). The default port RBAC policies incorrectly included PROJECT_MANAGER without requiring network ownership, so any project manager could obtain trusted network-service port behavior on shared networks. Depending on the backend and deployment, this can bypass anti-spoofing and security group protections, enabling DHCP, MAC, or IP spoofing against other tenants on the shared network. This is a regression of CVE-2015-5240 (OSSA-2015-018).

EPSS: 0.00%
Type: Other
CVE-2026-50076
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via crafted Fory serialized data. Users are recommended to upgrade to version 1.1.0 or later, which fixes this issue.

EPSS: 0.00%
Type: RCE
CVE-2026-49942
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a CIDR specification could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were silently ignored. This could allow network masks to accept larger networks than intended. Leading zeros were also accepted, but treated as decimal instead of octal. This could lead to confusion about what networks are acceptable.

EPSS: 0.00%
Type: Other
CVE-2026-49941
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If an argument did not look like a netmask or a network range, it was assumed to be a single IP address and passed back to _encode with a 32-bit (IPv4) or 128-bit (IPv6) netmask appended. If the argument was not a well-formed IP address, this led to unbounded recursion. An attacker could use this to cause a denial of service.

EPSS: 0.00%
Type: DoS
CVE-2026-49940
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

EPSS: 0.00%
Type: Other
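
The three Net::CIDR::Set entries above (CVE-2026-49942, CVE-2026-49941 and CVE-2026-49940) describe one parser weakness from three angles: digits outside ASCII, junk characters in the prefix, leading zeros, and unbounded recursion on malformed input. The following is an added example, not code from Net::CIDR::Set or the Perl ecosystem, written in Python because Python shares the trap: a str pattern's `\d` matches Unicode digits unless `re.ASCII` is set, and `int()` converts them. It shows a strict parser that fails fast, a re-creation of the lax "drop what is not a digit" behaviour the advisories describe, and the Python pitfalls themselves. The error messages and the decision to mask host bits (strict=False) are this example's choices.

```python
import ipaddress
import re

# Strict, ASCII-only grammar: a dotted quad with an optional /prefix, and no
# leading zeros in any field. re.ASCII keeps \d from matching Unicode digits
# such as the Arabic-Indic digits (Python's default \d does match them).
_CIDR_RE = re.compile(
    r"\A(?P<addr>(?:0|[1-9]\d{0,2})(?:\.(?:0|[1-9]\d{0,2})){3})"
    r"(?:/(?P<bits>0|[1-9]\d?))?\Z",
    re.ASCII,
)


def parse_ipv4_cidr(text):
    """Parse '192.0.2.0/24' or '192.0.2.7' into an IPv4Network, else raise ValueError.

    Rejects non-ASCII input, stray characters in the prefix, leading zeros,
    octets above 255 and prefix lengths above 32. It never recurses, so a
    malformed string fails immediately instead of looping.
    """
    if not isinstance(text, str) or not text.isascii():
        raise ValueError("non-ASCII input rejected: %r" % (text,))
    m = _CIDR_RE.fullmatch(text)
    if m is None:
        raise ValueError("malformed IPv4 CIDR: %r" % (text,))
    if any(int(o) > 255 for o in m.group("addr").split(".")):
        raise ValueError("octet out of range: %r" % (text,))
    bits = 32 if m.group("bits") is None else int(m.group("bits"))
    if bits > 32:
        raise ValueError("prefix length out of range: %r" % (text,))
    # strict=False: host bits are masked off, as a CIDR set wants the covering network
    return ipaddress.IPv4Network((m.group("addr"), bits), strict=False)


def rejects(text):
    """True if parse_ipv4_cidr refuses `text`."""
    try:
        parse_ipv4_cidr(text)
    except ValueError:
        return True
    return False


def lax_prefix_bits(mask_text):
    """Re-creation of the lax behaviour the advisories describe (illustrative,
    not Net::CIDR::Set's code): anything that is not an ASCII digit is silently
    dropped, so '2\u0664' (ASCII 2 followed by Arabic-Indic 4) becomes /2, a
    network 2**22 times larger than the /24 the caller probably meant."""
    digits = "".join(c for c in mask_text if c in "0123456789")
    return int(digits) if digits else 0


def python_digit_pitfalls():
    """Python shares the trap: str patterns match Unicode digits with \\d unless
    re.ASCII is set, and int() happily converts them."""
    arabic_24 = "\u0662\u0664"  # Arabic-Indic digits two, four
    return {
        "re_default_matches": re.fullmatch(r"\d+", arabic_24) is not None,
        "re_ascii_matches": re.fullmatch(r"\d+", arabic_24, re.ASCII) is not None,
        "int_value": int(arabic_24),
    }
```

The `text.isascii()` gate in front of the regex is deliberate: it makes the rejection independent of which flags a later maintainer passes to `re.compile`, and it also stops full-width digits, which `re.ASCII` alone would already refuse but `int()` would not.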
CVE-2026-46741
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Etsy::StatsD versions through 1.002002 for Perl allow metric injection. Metric names and values are not checked for newlines, colons or pipes, so metrics generated from untrusted sources can inject additional statsd metrics. Note that the git repository contains an unreleased version with gauge and set methods that also do not check for metric injection.

EPSS: 0.00%
Type: Other
CVE-2026-46739
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Net::Statsd versions before 0.13 for Perl allow metric injection. Metric names are not checked for newlines, colons or pipes, so metrics generated from untrusted sources can inject additional statsd metrics. The update_stats method (used for updating counters) and the gauge method also do not check that values are numeric, a check that would block injection through the value field.

EPSS: 0.00%
Type: Other
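
The two statsd entries above (CVE-2026-46741 and CVE-2026-46739) share one root cause: the wire format is `<name>:<value>|<type>` with one metric per newline, so any of the three delimiters inside a name or value changes the framing. The following is an added example, not code from Etsy::StatsD or Net::Statsd, in Python. It pairs a formatter with the described weakness against a hardened one, and includes a minimal receiver-side splitter (constructed here, not a real statsd server) so the effect of an injected name or value is visible. The allowed name alphabet and 200-character limit are this example's policy.

```python
import math
import re

# statsd wire format, one metric per line: <name>:<value>|<type>[|@<sample_rate>]
# A newline, colon or pipe inside name or value therefore changes the framing.
_NAME_OK = re.compile(r"\A[A-Za-z0-9_.-]{1,200}\Z", re.ASCII)
_TYPES = {"c", "g", "ms", "s"}  # counter, gauge, timer, set


def format_metric_lax(name, value, mtype):
    """Formatter with the weakness the two advisories describe (illustrative,
    not the Perl modules' code): fields are interpolated without any check."""
    return "%s:%s|%s" % (name, value, mtype)


def format_metric_safe(name, value, mtype):
    """Build one statsd line, or raise ValueError if any field could break framing."""
    if mtype not in _TYPES:
        raise ValueError("unknown metric type %r" % (mtype,))
    if not isinstance(name, str) or not _NAME_OK.fullmatch(name):
        raise ValueError("metric name outside [A-Za-z0-9_.-]: %r" % (name,))
    if mtype == "s":
        # set members are strings by design; hold them to the same alphabet
        if not isinstance(value, str) or not _NAME_OK.fullmatch(value):
            raise ValueError("set member outside [A-Za-z0-9_.-]: %r" % (value,))
    else:
        # counters, gauges and timers take finite numbers only (bool is an int subclass)
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not math.isfinite(value):
            raise ValueError("metric value must be a finite number: %r" % (value,))
    return "%s:%s|%s" % (name, value, mtype)


def rejects(name, value, mtype):
    """True if format_metric_safe refuses the triple."""
    try:
        format_metric_safe(name, value, mtype)
    except ValueError:
        return True
    return False


def parse_statsd_payload(payload):
    """Minimal receiver-side split (constructed here to show the effect of an
    injection): name before the first ':', value before the first '|', type next."""
    metrics = []
    for line in payload.split("\n"):
        if not line:
            continue
        name, _, rest = line.partition(":")
        value, _, tail = rest.partition("|")
        metrics.append((name, value, tail.split("|")[0]))
    return metrics
```

Validating the type against a fixed set matters as much as the name check: a caller-supplied type string is the third field on the line and can carry the same delimiters. Requiring a numeric value for counters, gauges and timers is what the Net::Statsd entry calls out as the missing check.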
CVE-2025-67446
CVSS: 9.8
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and earlier. The router uses a weak, predictable cookie value for authentication. By modifying the cookie value (for example, setting it to "admin"), an attacker can bypass the authentication scheme and gain unauthorized access to admin functionality.

EPSS: 0.00%
Type: Auth Bypass
CVE-2026-7774
CVSS: 6.9
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

In Python's tarfile module, tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.

EPSS: 0.00%
Type: Arbitrary File Access
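
The tarfile entry above describes a filter bypass built from a link entry with an unusual name followed by a member that is written through it. The following is an added example, not CPython's fix and not a reproducer for it. It shows the pre-extraction audit a practitioner can run before trusting any filter: refuse every link entry, refuse empty and directory-like names on non-directories, and confirm each remaining path resolves under the destination. The archive it inspects is constructed in memory; the rejection policy and the `/tmp/extract-here` destination are this example's assumptions.

```python
import io
import os
import tarfile


def build_archive(with_link=True):
    """Constructed sample archive. With with_link=True it carries a symlink whose
    name looks like a directory ('uploads/') and points outside the destination,
    followed by a regular file whose path goes through that name. This mirrors
    the pattern the advisory describes; it is not a reproducer for the fix."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_link:
            link = tarfile.TarInfo("uploads/")
            link.type = tarfile.SYMTYPE
            link.linkname = "../../outside"
            tar.addfile(link)
            payload = b"pwned\n"
            through_link = tarfile.TarInfo("uploads/shadow")
            through_link.size = len(payload)
            tar.addfile(through_link, io.BytesIO(payload))
        readme = tarfile.TarInfo("docs/readme.txt")
        readme.size = 3
        tar.addfile(readme, io.BytesIO(b"hi\n"))
    buf.seek(0)
    return buf


def audit_members(tar, dest):
    """Return [(member name, reason)] for members that must not be extracted.

    Policy (an assumption of this example, not tarfile's): an untrusted archive
    may contain only regular files and directories, with relative, normalized
    names that stay under `dest`. Every link entry is refused outright, so no
    later member can be redirected through one."""
    dest_real = os.path.realpath(dest)
    problems = []
    for m in tar.getmembers():
        name = m.name
        if m.issym() or m.islnk():
            problems.append((name, "link entry pointing at %r" % (m.linkname,)))
        elif name == "" or (name.endswith("/") and not m.isdir()):
            problems.append((name, "empty or directory-like name on a non-directory"))
        elif not (m.isreg() or m.isdir()):
            problems.append((name, "special member type %r" % (m.type,)))
        elif os.path.isabs(name) or ".." in name.split("/"):
            problems.append((name, "absolute path or parent traversal"))
        else:
            target = os.path.realpath(os.path.join(dest_real, name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                problems.append((name, "resolves outside the destination"))
    return problems


def audit_sample(with_link=True, dest="/tmp/extract-here"):
    """Run the audit over the constructed archive; nothing is written to disk."""
    with tarfile.open(fileobj=build_archive(with_link), mode="r:*") as tar:
        return audit_members(tar, dest)


def safe_extract(fileobj, dest):
    """Audit first, then extract with the 'data' filter where this Python has it."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        problems = audit_members(tar, dest)
        if problems:
            raise ValueError("refusing to extract: %r" % (problems,))
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
```

The audit runs over the whole member list before anything is written, so the `realpath` check cannot be influenced by a link the same archive would have created a moment earlier. Keeping `filter='data'` on the extraction call is still worthwhile on patched interpreters; the audit is a second layer, not a replacement.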
CVE-2026-5228
CVSS: 8.8
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026.

EPSS: 0.00%
Type: Other
CVE-2026-45287
CVSS: 2.1
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.

EPSS: 0.00%
Type: DoS
CVE-2026-44393
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.

EPSS: 0.00%
Type: Other
CVE-2026-43986
CVSS: 9.9
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled entries from `image_hash_lookup` and replays them through the same server-side image fetch logic used by authenticated image proxying. A low-privilege guest user can seed a malicious external image URL into this lookup table and then trigger server-side fetches through a fully unauthenticated endpoint. This turns an authenticated SSRF primitive into a persistent unauthenticated SSRF gadget. Once the malicious hash entry exists, any external user can request `/image/<hash>.png` and cause the PMS or Tautulli host to fetch an arbitrary attacker-chosen URL. Version 2.17.1 patches the issue.

EPSS: 0.00%
Type: SSRF
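
The Tautulli entry above turns a server-side image fetch into an SSRF gadget because a stored URL is replayed without any check on where it points. The following is an added example, not Tautulli's code, in Python: the validation a server-side fetcher should run on a URL before (and ideally again at) the moment it connects. It accepts only http/https, refuses embedded credentials, resolves the host, and rejects any address that is not globally routable, including IPv4-mapped IPv6 forms of loopback. The resolver is injectable so the example runs offline against a constructed DNS table; the table, the host names in it and the use of 8.8.8.8 as a stand-in public address are this example's assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _is_public_address(ip):
    """True only for globally routable unicast addresses. IPv4-mapped IPv6
    (::ffff:127.0.0.1) is unwrapped so the loopback check still applies."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def system_resolver(host):
    """Production resolver: every address the OS returns for `host`."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def resolve_fetch_target(url, resolver=system_resolver):
    """Return (host, [addresses]) for a URL that is safe to fetch server-side,
    or raise ValueError. Callers should connect to one of the returned addresses
    (sending `host` as Host/SNI) rather than resolving again, which closes the
    DNS-rebinding window between check and use."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % (parts.scheme,))
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IP, nothing to resolve
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError) as exc:
            raise ValueError("cannot resolve %r: %s" % (host, exc))
    if not addrs:
        raise ValueError("no addresses for %r" % (host,))
    bad = [str(a) for a in addrs if not _is_public_address(a)]
    if bad:
        raise ValueError("%r resolves to non-public address(es) %s" % (host, bad))
    return host, [str(a) for a in addrs]


# Constructed DNS table for offline demonstration (not real records).
STUB_DNS = {
    "cdn.example.net": ["8.8.8.8"],                 # stand-in for a public host
    "metadata.internal": ["169.254.169.254"],       # cloud metadata, link-local
    "rebind.example.net": ["8.8.8.8", "10.0.0.5"],  # mixed answer: one private record
}


def stub_resolver(host):
    if host not in STUB_DNS:
        raise OSError("NXDOMAIN %r" % (host,))
    return STUB_DNS[host]


def allowed_with_stub(url):
    """Convenience: True if `url` passes the check against the constructed table."""
    try:
        resolve_fetch_target(url, resolver=stub_resolver)
        return True
    except ValueError:
        return False
```

A host whose answers mix public and private addresses is rejected as a whole, since the fetching library, not this check, decides which record it connects to. For a stored URL such as the `image_hash_lookup` entry in the advisory, the same check belongs at write time (so a guest cannot seed an internal target) and at fetch time (so a later DNS change cannot turn a stored public host into an internal one).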
CVE-2026-43985
CVSS: 8.8
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but the route does not enforce `POST` and does not use any anti-CSRF token. In the default form and JWT-based authentication mode, the administrator session cookie is issued with `SameSite=Lax`, which still permits top-level cross-site navigation requests. An attacker can exploit this by luring a logged-in administrator to a malicious page that submits a cross-site request to `/configUpdate` and overwrites the local administrator username and password. The attacker can then sign in directly with the chosen credentials and take over the Tautulli administrative interface. Version 2.17.1 patches the issue.

EPSS: 0.00%
Type: CSRF
CVE-2026-43984
CVSS: 8.9
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The administrator-only `logFile` view then reads that log file and embeds it into an HTML response without escaping. This creates a stored cross-site scripting condition where a low-privilege guest can inject HTML or JavaScript into the log file and have it execute in an administrator's browser when the log viewer is opened. Version 2.17.1 patches the issue.

EPSS: 0.00%
Type: XSS
CVE-2026-41178
CVSS: 5.3
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed the raw-length rejection, so `Parse` processes arbitrarily large or invalid baggage headers and logs errors, enabling denial of service via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue.

EPSS: 0.00%
Type: DoS
CVE-2026-40930
CVSS: 5.4
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to `png_process_data`. Commit faf06924688b62d7c1654b5ceddedbde66ffadb4 fixes the issue.

EPSS: 0.00%
Type: Other
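
The libpng entry above is a parser-state bug: when a chunk is discarded, the push-mode parser must still consume its body and CRC, including the part that has not arrived yet, or the body's first bytes are read as the next chunk header. The following is an added example, not libpng's code and not a reproducer for the libpng fix, in Python. It implements a small push-mode PNG chunk reader with a correct discard path, a switch that re-creates the described class of bug, and a constructed chunk stream whose ignored fcTL body begins with a complete, CRC-valid tEXt chunk. Feeding the stream one byte at a time shows that the correct parser resynchronizes across calls while the buggy one surfaces the smuggled chunk. The chunk-type allowlist and the omission of the PNG signature are this example's simplifications.

```python
import struct
import zlib

MAX_CHUNK_LEN = 2 ** 31 - 1  # PNG chunk lengths must fit in 31 bits


class PushChunkParser:
    """Incremental PNG chunk reader; data arrives in arbitrary pieces via feed().

    consume_ignored=True : an ignored chunk's body and CRC are skipped even when
                           they arrive in later feed() calls (correct).
    consume_ignored=False: only the 8-byte header is dropped, re-creating the
                           class of bug described for libpng 1.8.0 (illustrative,
                           not libpng's code): the body's first bytes are then
                           read as the next chunk header.
    """

    def __init__(self, wanted, consume_ignored=True):
        self.wanted = {t.encode("ascii") for t in wanted}
        self.consume_ignored = consume_ignored
        self.buf = b""
        self.to_skip = 0   # bytes of an ignored chunk still to discard
        self.chunks = []   # (type, body) of kept chunks

    def feed(self, data):
        self.buf += data
        while True:
            if self.to_skip:
                n = min(self.to_skip, len(self.buf))
                self.buf = self.buf[n:]
                self.to_skip -= n
                if self.to_skip:
                    return  # rest of the ignored chunk has not arrived yet
            if len(self.buf) < 8:
                return
            length, ctype = struct.unpack(">I4s", self.buf[:8])
            if length > MAX_CHUNK_LEN:
                raise ValueError("chunk length %d exceeds PNG limit" % length)
            if ctype not in self.wanted:
                self.buf = self.buf[8:]
                if self.consume_ignored:
                    self.to_skip = length + 4  # body plus CRC
                continue
            if len(self.buf) < 12 + length:
                return
            body = self.buf[8:8 + length]
            (crc,) = struct.unpack(">I", self.buf[8 + length:12 + length])
            if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
                raise ValueError("CRC mismatch in %r" % (ctype,))
            self.chunks.append((ctype.decode("ascii"), body))
            self.buf = self.buf[12 + length:]


def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def crafted_stream():
    """Constructed sample (no PNG signature, to keep the focus on chunks):
    IHDR, then an fcTL chunk the parser ignores whose 26-byte body begins with
    a complete, CRC-valid tEXt chunk, then IEND."""
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    smuggled = chunk(b"tEXt", b"evil")               # 16 bytes
    fctl = chunk(b"fcTL", smuggled + b"\x00" * 10)   # 26-byte body
    return ihdr + fctl + chunk(b"IEND", b"")


def parse(stream, consume_ignored=True, piece=1):
    """Feed `stream` in pieces of `piece` bytes; return the kept chunk types."""
    p = PushChunkParser(["IHDR", "tEXt", "IEND"], consume_ignored=consume_ignored)
    for i in range(0, len(stream), piece):
        p.feed(stream[i:i + piece])
    return [t for t, _ in p.chunks]
```

The invariant that matters is that `to_skip` is the only state the discard path needs: whatever the chunk size and however the input is split, the parser keeps consuming until `to_skip` reaches zero before it reads another header. The buggy variant has no such counter, which is why the attacker-controlled body is interpreted as a header on the next call.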
CVE-2026-38570
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service.

EPSS: 0.00%
Type: DoS
CVE-2026-36182
CVSS: 0.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

GNCC GP5 v7.1.76 was discovered to use a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a brute-force attack.

EPSS: 0.00%
Type: Other
CVE-2026-10868
CVSS: 9.0
PUBLISHED Jun 04, 2026
MODIFIED Jun 04, 2026

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could craft a modified request containing another user identifier, potentially causing updates to be applied to an unintended user account. Depending on the editable fields and the attacker’s privileges, this could allow unauthorized modification of user account attributes and impact account integrity. The issue was addressed by explicitly removing the User.id field from request data before processing the user edit operation.

EPSS: 0.00%
Type: Auth Bypass