Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-30802 — Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Bu…

Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers. This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4.*.

connext_micro | Remote | Memory Corruption
Jun 17, 2026 Jun 25, 2026
6.1 MEDIUM
CVE-2026-30799 — Missing Authentication for Critical Function vulnerability in RTI Connext Professional (S…

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing. This issue affects Connext Professional: from 7.4.0 before 7.7.0, fr…

connext_professional | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
6.0 MEDIUM
CVE-2026-2675 — Missing Authentication for Critical Function vulnerability in RTI Connext Professional (S…

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. This issue affects Connext Professional: from 7.4.0 before 7.7…

connext_professional | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
4.8 MEDIUM
CVE-2026-2674 — Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libr…

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistence Service) allows Overflow Buffers, Overflow Buffers…

connext_professional | Memory Corruption
Jun 17, 2026 Jun 17, 2026
9.2 CRITICAL
CVE-2026-2467 — Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) all…

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 b…

connext_professional | Remote | Memory Corruption
Jun 17, 2026 Jun 17, 2026
9.1 CRITICAL
CVE-2026-20266 — OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is pos…

ai_toolkit | Injection
Jun 17, 2026 Jun 22, 2026
4.3 MEDIUM
CVE-2026-20265 — Insecure Default Domain Allowlist in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a serv…

ai_toolkit | Server-Side Request Forgery
Jun 17, 2026 Jun 22, 2026
4.3 MEDIUM
CVE-2026-20178 — Cisco Webex App: Cross-Site Scripting

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability…

webex_web_app | Remote | Server-Side Request Forgery
Jun 17, 2026 Jun 22, 2026
3.7 LOW
CVE-2026-11525 — undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring mat…

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RF…

undici | Misconfiguration
Jun 17, 2026 Jun 25, 2026
7.5 HIGH
CVE-2026-9675 — undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small …

undici | Denial of Service
Jun 17, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-53875 — picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attac…

picklescan | Remote | Injection
Jun 17, 2026 Jun 17, 2026
9.8 CRITICAL
CVE-2026-53874 — picklescan - Arbitrary Code Execution via Obfuscated eval Call

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attac…

picklescan | Remote | Injection
Jun 17, 2026 Jun 23, 2026
9.8 CRITICAL
CVE-2026-53873 — picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via…

picklescan | Remote | Injection
Jun 17, 2026 Jun 17, 2026
8.7 HIGH
CVE-2026-53872 — picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. At…

picklescan | Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
10.0 CRITICAL
CVE-2026-3490 — picklescan - Universal Blocklist Bypass via pkgutil.resolve_name

picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can …

picklescan | Remote | Injection
Jun 17, 2026 Jun 18, 2026
9.1 CRITICAL

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directl…

Remote | Injection
Jun 17, 2026 Jun 22, 2026
8.0 HIGH
CVE-2026-35069 — Dell PowerFlex Manager SQL Injection

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with a…

Jun 17, 2026 Jun 25, 2026
5.7 MEDIUM

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with a…

Jun 17, 2026 Jun 25, 2026
7.8 HIGH
CVE-2026-32652 — Dell AIOps Collector Default Credentials Filesystem Access Vulnerability

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain …

aiops_collector | Authentication
Jun 17, 2026 Jun 23, 2026
6.0 MEDIUM
CVE-2026-20246 — Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insuff…

Jun 17, 2026 Jun 22, 2026
Showing 20 of 7972 Results