Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-7570 — Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-7569 — Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVa…

netvault_backup | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-40079 — Cacti: Command Injection via escape_command() no-op in RRDtool execution

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The esc…

cacti | Remote | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-39951 — Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue ha…

cacti | Remote | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.5 MEDIUM
CVE-2025-60473 — GPAC MP4Box NULL Pointer Dereference Denial of Service

A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…

gpac | Memory Corruption
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2025-60466 — GPAC Project/MP4Box Use-After-Free Denial of Service

A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…

gpac | Memory Corruption
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
9.8 CRITICAL
CVE-2026-39955 — Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in grap…

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue…

cacti | Remote | Injection
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-39948 — Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER…

cacti | Remote | Injection
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-39938 — Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been…

cacti | Remote | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
6.1 MEDIUM
CVE-2026-39900 — Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue …

cacti | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
6.9 MEDIUM
CVE-2026-39899 — Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed …

cacti | Remote | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.5 HIGH
CVE-2025-60474 — GPAC MP4Box Buffer Overflow Denial of Service

A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.

gpac | Remote | Memory Corruption
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.5 HIGH
CVE-2025-60467 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…

gpac | Remote | Memory Corruption
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.2 HIGH
CVE-2026-9779 — ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remot…

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect…

unizon | Cryptography
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
7.2 HIGH
CVE-2026-9778 — ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Au…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
7.2 HIGH
CVE-2026-9777 — ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentic…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
7.5 HIGH
CVE-2026-9776 — ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vul…

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
6.5 MEDIUM
CVE-2026-9775 — ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authent…

unizon | Remote | Path Traversal
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
6.5 MEDIUM
CVE-2026-9774 — ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Aut…

unizon | Remote | Path Traversal
Jun 24, 2026 Jun 27, 2026
Jun 24, 2026
Jun 27, 2026
8.8 HIGH
CVE-2026-9773 — Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authenti…

unraid | Injection
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
Showing 20 of 7970 Results