Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.8 MEDIUM
CVE-2026-54250 — K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functi…

k3s | Path Traversal
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.2 HIGH
CVE-2026-54097 — File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in D…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebr…

filebrowser | Remote | Authorization
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.4 HIGH
CVE-2026-54096 — File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-exist…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, `POST /api/share/<path>` accepts an authentic…

filebrowser | Misconfiguration
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54094 — File Browser: Symlink following lets scoped users read, overwrite, and share files outsid…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from…

filebrowser | Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
6.8 MEDIUM
CVE-2026-54093 — File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separator…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / down…

filebrowser | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
6.5 MEDIUM
CVE-2026-54092 — File Browser: DoS Vulnerability on Public Login API

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arb…

filebrowser | Remote | Denial of Service
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54091 — File Browser: Incorrect access control in public directory shares via rule path rebasing

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase t…

filebrowser | Remote | Path Traversal
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.7 HIGH
CVE-2026-54090 — File Browser: Command Allowlist Bypass via Shell Metacharacter Injection

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. …

filebrowser | Remote | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
9.1 CRITICAL
CVE-2026-54089 — File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with …

filebrowser | Remote | Authentication
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.3 CRITICAL
CVE-2026-54088 — File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentic…

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Brows…

filebrowser | Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-53925 — Glances: Arbitrary file write and command execution via `secure_popen` redirection and ch…

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command ch…

glances | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.8 CRITICAL
CVE-2026-50549 — Cursor Desktop sandbox escape via symlink and failed path canonicalization

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it…

cursor | Remote | Path Traversal
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-50548 — Cursor Desktop sandbox escape via agent-controlled working directory

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working director…

cursor | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-4930 — DPA Countermeasures weakening on Series 3 devices

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures …

Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.3 MEDIUM
CVE-2026-46611 — Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leav…

glances | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.4 HIGH
CVE-2026-46608 — Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incompl…

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation fo…

glances | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
7.8 HIGH
CVE-2026-46607 — Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Executi…

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible pa…

glances | Information Disclosure
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-46606 — Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/vi…

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly fr…

glances | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.3 MEDIUM
CVE-2026-28898 — swift-nio-http2 HTTP/2 to HTTP/1.1 Codec Control Character Header Injection

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validatio…

swiftnio_http\/2 | Remote | Misconfiguration
Jun 25, 2026 Jun 30, 2026
Jun 25, 2026
Jun 30, 2026
8.4 HIGH
CVE-2026-12921 — Use after free in AzeoTech DAQFactory

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

daqfactory | Memory Corruption
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Showing 20 of 7970 Results