Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.6 HIGH
CVE-2026-41234 — Froxlor: BIND Zone File Injection via TXT Record Content

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer…

froxlor | Remote | Injection
Jun 04, 2026 Jun 17, 2026
Jun 04, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-40898 — quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a …

quic-go | Remote | Denial of Service
Jun 04, 2026 Jun 17, 2026
Jun 04, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-36499 — Open vSwitch DoS via Resource Exhaustion

A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T…

Remote | Denial of Service
Jun 04, 2026 Jun 17, 2026
Jun 04, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2025-71316 — SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi…

Remote | Misconfiguration
Jun 04, 2026 Jun 17, 2026
Jun 04, 2026
Jun 17, 2026
6.3 MEDIUM
CVE-2025-65640 — Arket Globe Document Intelligence Cross-Site Scripting

Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating…

Remote | Cross-Site Scripting
Jun 04, 2026 Jun 17, 2026
Jun 04, 2026
Jun 17, 2026
Showing 20 of 7905 Results