Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-52948 — i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl While fuzzing with Syzkaller, a persistent `schedule_timeout: wrong timeo…

linux_kernel | Denial of Service
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-52947 — net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove In qrtr_port_remove(), the socket reference count is dec…

linux_kernel | Race Condition
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
7.5 HIGH
CVE-2026-52946 — fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sen…

linux_kernel | Remote | Race Condition
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-52945 — Revert "wireguard: device: enable threaded NAPI"

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9…

linux_kernel | Remote | Race Condition
Jun 24, 2026 Jul 02, 2026
Jun 24, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-13164 — Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker …

mailerup | Remote | Authentication
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
9.8 CRITICAL
CVE-2026-56121 — Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the re…

Remote | Injection
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
9.1 CRITICAL
CVE-2026-56111 — Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to …

Remote | Memory Corruption
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-55488 — motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path travers…

motioneye | Remote | Path Traversal
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50712 — Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50711 — Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50710 — Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50709 — Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50708 — Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50705 — Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50704 — Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50703 — Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
5.1 MEDIUM
CVE-2026-50701 — Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50700 — Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.6 HIGH
CVE-2026-49269 — Apple Silicon GPU Information Disclosure

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by…

Remote | Information Disclosure
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50699 — Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_do…

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
Showing 20 of 7941 Results