Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2026-48800 — Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:…

notepad\+\+ | Misconfiguration
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
7.8 HIGH
CVE-2026-48778 — Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored i…

notepad\+\+ | Misconfiguration
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2026-48770 — Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYD…

notepad\+\+ | Memory Corruption
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-46710 — Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invo…

notepad\+\+ | Misconfiguration
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-46604 — Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

tiff | Remote | Memory Corruption
Jun 26, 2026 Jul 01, 2026
Jun 26, 2026
Jul 01, 2026
5.5 MEDIUM
CVE-2026-39031 — Lansweeper Credentials Decryption via Static Key and Cleartext Prefix

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. …

| Cryptography
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-38641 — Relibc DSO Mmap And Copy Denial of Service

An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.

Remote | Denial of Service
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-38639 — Relibc DoS

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.

Remote | Denial of Service
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
6.7 MEDIUM
CVE-2024-23581 — HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification v…

The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.

| Misconfiguration
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
4.3 MEDIUM
CVE-2026-55838 — RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated …

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of …

rustfs | Remote | Authorization
Jun 26, 2026 Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
7.7 HIGH
CVE-2026-55189 — RustFS: FTP frontend skips IAM authorization on object reads

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage …

rustfs | Remote | Authorization
Jun 26, 2026 Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
8.2 HIGH
CVE-2026-55188 — RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHa…

rustfs | Remote | Authorization
Jun 26, 2026 Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
0.0 NA
CVE-2026-53324 — net: mana: Use pci_name() for debugfs directory naming

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory instead of hardcod…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53323 — net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's ethtool_ops with…

linux_kernel | Race Condition
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
8.8 HIGH
CVE-2026-53322 — vfio/pci: Clean up DMABUFs before disabling function

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53321 — io_uring/napi: cap busy_poll_to 10 msec

In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no…

linux_kernel | Denial of Service
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53320 — nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dea…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53319 — blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures fro…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53318 — wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' before dereferencing…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
0.0 NA
CVE-2026-53317 — wifi: mt76: mt7921: Place upper limit on station AID

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This sit…

linux_kernel | Denial of Service
Jun 26, 2026 Jun 30, 2026
Jun 26, 2026
Jun 30, 2026
Showing 20 of 7985 Results