Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.4 MEDIUM
CVE-2026-5220 — Stored XSS in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyD…

Remote | Cross-Site Scripting
Jul 01, 2026
5.5 MEDIUM
CVE-2026-14330 — Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca() calls in the PulseAudio protocol server.

enterprise_linux | Memory Corruption
Jul 01, 2026
6.5 MEDIUM
CVE-2026-14324 — Pipewire: raop rtsp null deref

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

enterprise_linux | Denial of Service
Jul 01, 2026
8.2 HIGH
CVE-2026-2891 — Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potenti…

Remote | Denial of Service
Jul 01, 2026
4.3 MEDIUM
CVE-2026-5138 — Foreman: foreman: information disclosure via improper validation of nested request parame…

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller…

satellite | Remote | Authorization
Jul 01, 2026
6.5 MEDIUM
CVE-2026-5135 — Foreman: foreman: unauthorized modification of host configurations via broken access cont…

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This i…

satellite | Remote | Authorization
Jul 01, 2026
6.5 MEDIUM
CVE-2026-5142 — Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in Foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by dir…

satellite | Remote | Authorization
Jul 01, 2026
6.4 MEDIUM
CVE-2026-12374 — Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedH…

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated at…

cato_client | Race Condition
Jul 01, 2026
7.6 HIGH
CVE-2026-6688 — FatFs Buffer Overflow via Unbounded LFN Filename Copy

FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it …

Memory Corruption
Jul 01, 2026
7.6 HIGH
CVE-2026-6687 — FatFs Stack Buffer Overflow via Uncapped exFAT Label Length

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer O…

Memory Corruption
Jul 01, 2026
4.6 MEDIUM
CVE-2026-6686 — FatFs Use of Uninitialized Clusters After Seek Past EOF

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Re…

Memory Corruption
Jul 01, 2026
9.1 CRITICAL
CVE-2026-23537 — Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Al…

openshift_ai | Remote | Path Traversal
Jul 01, 2026
6.1 MEDIUM
CVE-2026-6685 — FatFs Integer Underflow in Dirty-Sector Cache Flush

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This ma…

Memory Corruption
Jul 01, 2026
7.7 HIGH
CVE-2026-13602 — Session takeover vulnerability

We found a chain combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: * The payment integration plugins Str…

pretix | Remote | Authentication
Jul 01, 2026
4.6 MEDIUM
CVE-2026-6684 — FatFs Infinite Loop in GPT Partition Scan

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count is derived from the GPT header field GPTH_PtNum, enabling extremely long or effectively infinit…

Denial of Service
Jul 01, 2026
4.6 MEDIUM
CVE-2026-6683 — FatFs Divide-by-Zero in exFAT Sync

FatFs R0.16 and earlier contains a divide-by-zero bug in the exFAT sync logic when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Est…

Denial of Service
Jul 01, 2026
7.6 HIGH
CVE-2026-6682 — FatFs Integer Overflow in FAT32 Volume Mount

FatFs R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in do…

Misconfiguration
Jul 01, 2026
9.8 CRITICAL
CVE-2026-57692 — WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2.

privatecontent | Remote | Authorization
Jul 01, 2026
0.0 NA
CVE-2026-53356 — drm/i915/gem: Fix phys BO pread/pwrite with offset

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_page() returns struct page pointer not (void *) so the scaling of pread/pwr…

linux_kernel | Memory Corruption
Jul 01, 2026
0.0 NA
CVE-2026-53355 — net: rds: clear i_sends on setup unwind

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and o…

linux_kernel | Memory Corruption
Jul 01, 2026
Showing 20 of 7991 Results