Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-46602 — Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

tiff | Remote | Denial of Service
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-46601 — Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

image | Remote | Denial of Service
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-37454 — MSI NBFoundation Service Insecure Permissions

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption.

Remote | Cryptography
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-37453 — MSI NBFoundation Service Insecure Permissions Vulnerability

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe.

Remote | Information Disclosure
Jun 25, 2026 Jun 26, 2026
7.7 HIGH
CVE-2026-37149 — Grocery Store Management System PHP SQL Injection

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability …

Injection
Jun 25, 2026 Jun 26, 2026
4.2 MEDIUM
CVE-2026-2299 — Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Googl…

Remote | Authorization
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-12340 — Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of …

wolfssl | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
8.7 HIGH
CVE-2026-11310 — X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchori…

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application vali…

wolfssl | Remote | Authentication
Jun 25, 2026 Jun 26, 2026
6.3 MEDIUM
CVE-2026-10592 — Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS n…

wolfssl | Remote | Misconfiguration
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-10512 — X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19…

wolfssl | Remote | Cryptography
Jun 25, 2026 Jun 26, 2026
8.3 HIGH
CVE-2026-10097 — ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static …

wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertex…

wolfssl | Remote | Cryptography
Jun 25, 2026 Jun 26, 2026
6.1 MEDIUM
CVE-2025-60465 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

gpac | Memory Corruption
Jun 25, 2026 Jun 30, 2026
7.8 HIGH
CVE-2025-60464 — GPAC MP4Box Use-After-Free

A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafte…

gpac | Memory Corruption
Jun 25, 2026 Jun 30, 2026
10.0 CRITICAL
CVE-2026-57700 — WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6.

Remote | Misconfiguration
Jun 25, 2026 Jun 29, 2026
7.3 HIGH
CVE-2026-56790 — CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. At…

Memory Corruption
Jun 25, 2026 Jun 26, 2026
7.1 HIGH
CVE-2026-56789 — RTKLIB 2.4.3 - Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Co…

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count va…

rtklib | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
7.1 HIGH
CVE-2026-56788 — RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted…

rtklib | Denial of Service
Jun 25, 2026 Jun 27, 2026
7.5 HIGH
CVE-2026-56787 — RTKLIB 2.4.3 - Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via craft…

rtklib | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
9.8 CRITICAL
CVE-2026-56786 — RTKLIB 2.4.3 - Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fi…

rtklib | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
6.4 MEDIUM
CVE-2026-56779 — MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Par…

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidat…

maxkb | Remote | Server-Side Request Forgery
Jun 25, 2026 Jun 30, 2026
Showing 20 of 7989 Results