Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2026-24240 — NVIDIA Megatron Bridge: Deserialization Vulnerability

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, esc…

Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
0.0 NONE
CVE-2026-13707 — Session fixation attacks on improperly configured OAuth 1.0a tools

Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from * through 1.46.0, …

Remote | Authentication
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NONE
CVE-2026-13706 — UrlShortener extension url validation can be bypassed due to difference between php url p…

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.

Remote | Injection
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.0 CRITICAL
CVE-2025-23351 — NVIDIA ConnectX/BlueField Arbitrary Code Execution via Out-of-Bounds Write

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful expl…

| Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.0 CRITICAL
CVE-2025-23350 — NVIDIA ConnectX/BlueField VF Arbitrary Code Execution

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful expl…

| Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2025-15646 — HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gum…

Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
7.6 HIGH
CVE-2026-6688 — FatFs Buffer Overflow via Unbounded LFN Filename Copy

FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it …

fatfs | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
7.6 HIGH
CVE-2026-6687 — FatFs Stack Buffer Overflow via Uncapped exFAT Label Length

FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabel) is trusted without enforcing spec maximums. This maps to CWE-121 (Stack-based Buffer O…

fatfs | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-6686 — FatFs Use of Uninitialized Clusters After Seek Past EOF

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek() extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Re…

fatfs | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
6.1 MEDIUM
CVE-2026-6685 — FatFs Integer Underflow in Dirty-Sector Cache Flush

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in f_read() / f_write() (fp->sect - sect < cc) during interleaved read/write on fragmented filesystems. This ma…

fatfs | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-6684 — FatFs Infinite Loop in GPT Partition Scan

FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinit…

fatfs | Denial of Service
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
4.6 MEDIUM
CVE-2026-6683 — FatFs Divide-by-Zero in exFAT Sync

FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Est…

fatfs | Denial of Service
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
7.6 HIGH
CVE-2026-6682 — FatFs Integer Overflow in FAT32 Volume Mount

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in do…

fatfs | Misconfiguration
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
5.4 MEDIUM
CVE-2026-6283 — Stored XSS in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyD…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.4 MEDIUM
CVE-2026-5220 — Stored XSS in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyD…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-5142 — Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by dir…

satellite satellite | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
4.3 MEDIUM
CVE-2026-5138 — Foreman: foreman: information disclosure via improper validation of nested request parame…

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller…

satellite satellite | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-5135 — Foreman: foreman: unauthorized modification of host configurations via broken access cont…

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This i…

satellite satellite | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.7 HIGH
CVE-2026-58399 — @acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken() through spoofable auth-user…

Remote | Authentication
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
0.0 NONE
CVE-2026-58035 — Stored XSS through a system message in the codex version of Special:Block

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files reso…

mediawiki | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
Showing 20 of 7887 Results