Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-35210 — OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated use…

Remote | Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15174 — Heap-based Buffer Overflow in Wireshark

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
4.7 MEDIUM
CVE-2026-15173 — Heap-based Buffer Overflow in Wireshark

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15172 — Unchecked Input for Loop Condition in Wireshark

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15171 — NULL Pointer Dereference in Wireshark

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15170 — Heap-based Buffer Overflow in Wireshark

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15169 — Heap-based Buffer Overflow in Wireshark

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.5 HIGH
CVE-2026-15167 — Stack-based Buffer Overflow in Wireshark

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Remote | Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15166 — Stack-based Buffer Overflow in Wireshark

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15165 — Heap-based Buffer Overflow in Wireshark

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15164 — Heap-based Buffer Overflow in ciscodump

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
5.5 MEDIUM
CVE-2026-15163 — Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service

| Denial of Service
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
4.2 MEDIUM
CVE-2026-14896 — Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission …

nomad | Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.3 HIGH
CVE-2026-13320 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in G…

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenti…

Remote | Cross-Site Scripting
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
2.7 LOW
CVE-2026-13151 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authentica…

Remote | Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
4.9 MEDIUM
CVE-2026-11827 — Insufficiently Protected Credentials in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticate…

Remote | Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
7.2 HIGH
CVE-2026-0288 — PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a de…

pan-os prisma_access pan-os prisma_access prisma_access pan-os +1 more | Remote | Memory Corruption
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
3.5 LOW
CVE-2025-12506 — Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenti…

Remote | Misconfiguration
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
0.0 NA
CVE-2026-55830 — RestrictedPython guard hooks can be shadowed via positional-only arguments

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejec…

| Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
0.0 NA
CVE-2026-48492 — Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - reg…

| Authorization
Jul 08, 2026 Jul 08, 2026
Jul 08, 2026
Jul 08, 2026
Showing 20 of 7787 Results