Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-44436 — Quicly is vulnerable to connection state corruption

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection st…

quicly | Remote | Denial of Service
Jul 16, 2026 Jul 17, 2026
Jul 16, 2026
Jul 17, 2026
7.5 HIGH
CVE-2026-44435 — Quicly: Remote Denial of Service via assertion failure when CRYPTO stream handshake data …

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake …

quicly | Remote | Denial of Service
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
5.3 MEDIUM
CVE-2026-44434 — Quicly is vulnerable to stateless reset injection

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packe…

quicly | Remote | Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
5.3 MEDIUM
CVE-2026-44433 — Quicly is vulnerable to memory exhaustion

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying just one byte at …

quicly | Remote | Denial of Service
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
10.0 CRITICAL
CVE-2026-44182 — Jupyter Enterprise Gateway Has Kubernetes Manifest Injection via Jinja2 Template Rendering

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates un…

Remote | Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
10.0 CRITICAL
CVE-2026-44181 — Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection results in Rem…

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the en…

Remote | Injection
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.1 HIGH
CVE-2026-43978 — wger: Privilege escalation via trainer-login session chaining allows gym trainers to impe…

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account (gym manager, general manager) by chaining…

wger | Remote | Authentication
Jul 16, 2026 Jul 17, 2026
Jul 16, 2026
Jul 17, 2026
7.5 HIGH
CVE-2026-43977 — wger IDOR: Authenticated Users Can Read Others' Private Workout Session Data via Template…

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statist…

wger | Remote | Authorization
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
1.7 LOW
CVE-2026-15997 — Native ARM SHA3 / SHAKE `restoreFullState` fails to detect size_t underflow in a crafted…

Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program files https://github.Com/bcg…

| Memory Corruption
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
4.6 MEDIUM
CVE-2026-62826 — Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.5 HIGH
CVE-2026-59117 — Windows Terminal Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.

Jul 16, 2026 Jul 17, 2026
Jul 16, 2026
Jul 17, 2026
6.1 MEDIUM
CVE-2026-58643 — Windows Admin Center Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.0 HIGH
CVE-2026-58598 — Windows Backup Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally.

Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
0.0 NA
CVE-2026-57077 — YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded new…

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len. In the bundled libsyck newline_len and is_newline dereference the scan pointer, and…

| Memory Corruption
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
0.0 NA
CVE-2026-57076 — YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name r…

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor. In the bundled libsyck an anchor name allocated by syc…

| Memory Corruption
Jul 16, 2026 Jul 17, 2026
Jul 16, 2026
Jul 17, 2026
0.0 NA
CVE-2026-57075 — YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lo…

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static ta…

| Memory Corruption
Jul 16, 2026 Jul 17, 2026
Jul 16, 2026
Jul 17, 2026
9.8 CRITICAL
CVE-2026-53412 — Zoom Workplace VDI Plugin for Windows - Improper Input Validation

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via networ…

Remote | Authentication
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
7.8 HIGH
CVE-2026-53411 — Zoom Workplace VDI Plugin for Windows - Improper Input Validation

A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privilege…

| Race Condition
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
8.4 HIGH
CVE-2026-45368 — Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site fr…

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL valu…

kirby | Remote | Cross-Site Scripting
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
5.3 MEDIUM
CVE-2026-45334 — Kirby: Content locks disclose IDs and emails of inaccessible users from `users.access/lis…

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permission…

kirby | Remote | Information Disclosure
Jul 16, 2026 Jul 16, 2026
Jul 16, 2026
Jul 16, 2026
Showing 20 of 7833 Results