Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered…
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose to…
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring dat…
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.confi…
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions…
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to incon…
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and …
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficie…
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This …
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited c…
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributo…
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.