Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-47633 — Microsoft Cost Management Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network.

Jun 18, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-32174 — Azure Bot Service Elevation of Privilege Vulnerability

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.

Jun 18, 2026 Jun 24, 2026
4.8 MEDIUM
CVE-2026-22674 — Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scr…

guardian | Remote | Cross-Site Scripting
Jun 18, 2026 Jun 23, 2026
9.1 CRITICAL
CVE-2026-49454 — Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verifie…

Remote | Authentication
Jun 18, 2026 Jun 23, 2026
10.0 CRITICAL
CVE-2026-49257 — mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0…

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 …

Remote | Authentication
Jun 18, 2026 Jun 23, 2026
9.9 CRITICAL
CVE-2026-49252 — deepstream is vulnerable to prototype pollution

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can l…

Remote | Misconfiguration
Jun 18, 2026 Jun 23, 2026
8.3 HIGH
CVE-2026-49248 — OneDev: RCE through absolute-path symlink following allows low-privileged users to overwr…

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR entry getLinkName() without validating whether the tar…

onedev onedev | Remote | Path Traversal
Jun 18, 2026 Jun 23, 2026
7.6 HIGH
CVE-2026-46699 — conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot…

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge …

Remote | Supply Chain
Jun 18, 2026 Jun 23, 2026
8.3 HIGH
CVE-2026-45696 — OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000)…

openexr | Remote | Memory Corruption
Jun 18, 2026 Jun 30, 2026
7.1 HIGH
CVE-2026-44663 — OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl()…

openexr | Memory Corruption
Jun 18, 2026 Jun 26, 2026
9.8 CRITICAL
CVE-2026-43994 — Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an atta…

coturn | Remote | Memory Corruption
Jun 18, 2026 Jun 26, 2026
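The Coturn entry describes a 16-bit length field taken from attacker-supplied token bytes and used to drive a copy into a fixed-size stack buffer. The parser below is an added example written for this page, not coturn's code, and the token layout (uint16 nonce_len, then the nonce, then the remainder) and the buffer capacity MAX_NONCE_LEN are assumptions chosen to isolate that pattern: a wire length must be bounded both by the capacity of the buffer it will be copied into and by the bytes actually present.

```python
import struct

# Assumed capacity of the decoder's fixed nonce buffer; illustrative, not coturn's constant.
MAX_NONCE_LEN = 64


def parse_gcm_token(token: bytes) -> dict:
    """Parse a constructed, simplified layout: uint16 nonce_len | nonce | rest.

    A uint16 can claim up to 65535 bytes. Both checks below are needed: the
    first stops the copy from exceeding the destination buffer, the second
    stops it from reading past the end of the received token.
    """
    if len(token) < 2:
        raise ValueError("token shorter than the nonce_len field")
    (nonce_len,) = struct.unpack_from(">H", token, 0)
    if nonce_len == 0 or nonce_len > MAX_NONCE_LEN:
        raise ValueError(f"nonce_len {nonce_len} outside 1..{MAX_NONCE_LEN}")
    if 2 + nonce_len > len(token):
        raise ValueError(f"nonce_len {nonce_len} exceeds the {len(token) - 2} bytes present")
    nonce = token[2:2 + nonce_len]
    return {"nonce_len": nonce_len, "nonce": nonce, "rest": token[2 + nonce_len:]}


def build_token(nonce: bytes, rest: bytes = b"", claimed_len=None) -> bytes:
    """Constructed sample token; claimed_len lets a test forge the length field."""
    length = len(nonce) if claimed_len is None else claimed_len
    return struct.pack(">H", length) + nonce + rest


def rejects(token: bytes) -> bool:
    """True when the parser refuses the token."""
    try:
        parse_gcm_token(token)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = build_token(b"\x01" * 12, b"ciphertext")
    print(parse_gcm_token(good))
    print("oversized length rejected:", rejects(build_token(b"A" * 12, claimed_len=0xFFFF)))
```

Checking the length against the buffer alone is not enough: a length that fits the buffer but exceeds the received bytes is an over-read rather than an overflow, which is why the parser checks both.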
8.3 HIGH
CVE-2025-15661 — libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle…

libssh2 | Remote | Information Disclosure
Jun 18, 2026 Jun 26, 2026
6.9 MEDIUM
CVE-2026-56099 — OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel s…

openbsd | Remote | Information Disclosure
Jun 18, 2026 Jun 27, 2026
5.8 MEDIUM
CVE-2026-48983 — pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pam_u…

Race Condition
Jun 18, 2026 Jun 22, 2026
5.8 MEDIUM
CVE-2026-48982 — pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the …

Race Condition
Jun 18, 2026 Jun 22, 2026
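The two pam_usb race entries above (a pad directory created with a check-then-use gap that a symlink can be substituted into, and a temporary pad file created with open() lacking O_EXCL) are both instances of trusting a path name that a local attacker can pre-empt. The following Python is an added example written for this page, not pam_usb's code: it plants the attacker's symlinks in a scratch directory, shows the pre-fix open pattern writing through the link, and shows the fixed patterns (O_CREAT|O_EXCL for the file, O_DIRECTORY|O_NOFOLLOW plus fstat on the directory, and dir_fd-relative creation inside it) refusing them. File and directory names are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile


def naive_write_pad(path: str, pad: bytes) -> None:
    """Pre-fix pattern: O_CREAT without O_EXCL.

    If `path` already exists, open() reuses it and follows it if it is a
    symlink, so a link planted during the race window redirects the write."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, pad)
    finally:
        os.close(fd)


def exclusive_write_pad(name: str, pad: bytes, dir_fd=None) -> None:
    """Fixed pattern: O_CREAT|O_EXCL creates atomically and fails with EEXIST on
    anything already present, symlink included. With dir_fd the name is resolved
    relative to an already-validated directory descriptor rather than a path."""
    fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600, dir_fd=dir_fd)
    try:
        os.write(fd, pad)
    finally:
        os.close(fd)


def open_private_dir(path: str) -> int:
    """Create (or reuse) a per-user pad directory and return a descriptor to it.

    mkdir() never follows a symlink at `path` (it fails with EEXIST), and the
    open with O_DIRECTORY|O_NOFOLLOW refuses a symlink substituted in between.
    Ownership and mode are checked on the descriptor, not on the path, so they
    refer to the directory that will actually be used."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid() or (st.st_mode & 0o077):
        os.close(fd)
        raise PermissionError(f"{path}: unexpected type, owner or mode")
    return fd


def demo() -> dict:
    """Exercise both patterns against constructed attacker-planted symlinks."""
    root = tempfile.mkdtemp(prefix="pad_race_demo_")
    try:
        victim = os.path.join(root, "victim")
        with open(victim, "wb") as f:
            f.write(b"original")
        # Attacker won the race: the temp-file name already exists as a symlink to victim.
        planted = os.path.join(root, "pad.tmp")
        os.symlink(victim, planted)

        naive_write_pad(planted, b"PAD-DATA")
        with open(victim, "rb") as f:
            victim_after_naive = f.read()

        try:
            exclusive_write_pad(planted, b"PAD-DATA")
            exclusive_blocked = False
        except FileExistsError:
            exclusive_blocked = True

        # The pad directory name pre-empted by a symlink to an attacker-owned directory.
        decoy = os.path.join(root, "decoy")
        os.mkdir(decoy, 0o700)
        os.symlink(decoy, os.path.join(root, "pads"))
        try:
            open_private_dir(os.path.join(root, "pads"))
            dir_blocked = False
        except OSError:  # ELOOP from O_NOFOLLOW, or the PermissionError above
            dir_blocked = True

        # Fixed path end to end: validated directory descriptor, exclusive create inside it.
        dfd = open_private_dir(os.path.join(root, "pads_ok"))
        try:
            exclusive_write_pad("pad.bin", b"PAD-DATA", dir_fd=dfd)
        finally:
            os.close(dfd)
        with open(os.path.join(root, "pads_ok", "pad.bin"), "rb") as f:
            pad_written = f.read()

        return {
            "victim_after_naive": victim_after_naive,
            "exclusive_blocked": exclusive_blocked,
            "dir_blocked": dir_blocked,
            "pad_written": pad_written,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The point of the dir_fd step is that the directory validated by fstat is the one the file is created in; validating a path and then opening by path again reopens the race that the directory check was meant to close.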
6.7 MEDIUM
CVE-2026-48981 — pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing l…

XML External Entity
Jun 18, 2026 Jun 22, 2026
6.3 MEDIUM
CVE-2026-48980 — pam_usb: getenv() used in PAM context allows environment variable injection into local-ch…

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injecti…

Injection
Jun 18, 2026 Jun 22, 2026
8.7 HIGH
CVE-2026-48716 — nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file…

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp do…

nanobot | Remote | Path Traversal
Jun 18, 2026 Jun 23, 2026
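The OneDev entry (symbolic links created verbatim from a TAR entry's link name) and the nanobot entry (a filesystem path built from a caller-supplied fileName) are the same defect class: a path component from untrusted input is used without confirming that the result stays under the intended directory. The Python below is an added example written for this page, not code from OneDev or nanobot. It builds a constructed archive in memory and applies one containment check to both cases; the directories /srv/extract and /srv/media, the archive contents and the file names are assumptions.

```python
import io
import os
import tarfile


def is_within(base: str, target: str) -> bool:
    """True when `target`, after normalisation and symlink resolution, sits inside `base`."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def safe_media_path(base: str, file_name: str) -> str:
    """Build the on-disk path for an untrusted file name (the nanobot case).

    The name must be a single path component: no separators, not '.' or '..'.
    The containment check afterwards is defence in depth."""
    if file_name in ("", ".", "..") or os.path.basename(file_name) != file_name:
        raise ValueError(f"rejecting file name with path components: {file_name!r}")
    dest = os.path.join(base, file_name)
    if not is_within(base, dest):
        raise ValueError(f"{file_name!r} resolves outside {base}")
    return dest


def rejects_name(base: str, file_name: str) -> bool:
    """True when safe_media_path refuses the name."""
    try:
        safe_media_path(base, file_name)
    except ValueError:
        return True
    return False


def unsafe_tar_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return names of members that would escape `dest` on extraction (the OneDev case).

    Checks each member's own path and, for links, the link target. A symlink
    target is resolved relative to the directory the link is placed in, so both
    an absolute target and a '../' chain leaving `dest` are rejected instead of
    being created verbatim."""
    dest = os.path.realpath(dest)
    rejected = []
    for m in tar.getmembers():
        member_path = os.path.join(dest, m.name)
        if not is_within(dest, member_path):
            rejected.append(m.name)
            continue
        if m.issym():
            if os.path.isabs(m.linkname):
                target = m.linkname
            else:
                target = os.path.join(os.path.dirname(member_path), m.linkname)
            if not is_within(dest, target):
                rejected.append(m.name)
        elif m.islnk():
            # Hard-link targets are archive-relative, not relative to the member's directory.
            if not is_within(dest, os.path.join(dest, m.linkname)):
                rejected.append(m.name)
    return rejected


def build_sample_tar() -> tarfile.TarFile:
    """Constructed sample archive: one regular file, one benign relative symlink,
    one symlink with an absolute target and one whose target climbs out of dest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        data = b"hello\n"
        regular = tarfile.TarInfo("docs/readme.txt")
        regular.size = len(data)
        tw.addfile(regular, io.BytesIO(data))
        for name, linkname in [
            ("docs/alias.txt", "readme.txt"),   # stays inside docs/
            ("settings", "/etc/passwd"),        # absolute target
            ("docs/up", "../../outside"),       # climbs above dest
        ]:
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = linkname
            tw.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def check_sample(dest: str = "/srv/extract") -> list:
    """Run the containment check over the constructed archive."""
    with build_sample_tar() as tar:
        return unsafe_tar_members(tar, dest)


if __name__ == "__main__":
    print("rejected tar members:", check_sample())
    print("media path:", safe_media_path("/srv/media", "invoice.pdf"))
```

Python 3.12's tarfile extraction filters (`extractall(path, filter="data")`) apply an equivalent rule in the standard library; the explicit version above shows what has to be decided per member, and why a symlink target is judged from the link's own directory rather than from the archive root.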
5.3 MEDIUM
CVE-2026-47847 — Bitnami MariaDB Galera: Hardcoded Credentials

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIA…

Remote | Authentication
Jun 18, 2026 Jun 22, 2026
9.8 CRITICAL
CVE-2026-47846 — Bitnami Cassandra Default Superuser Vulnerability

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the conta…

Remote | Authentication
Jun 18, 2026 Jun 22, 2026
Showing 20 of 8012 Results