Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-48103 — GHSL-2026-119 7-Zip WIM SecurityId OOB read

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lo…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-11339 — D-Link DWR-M920 formUSSDSetup sub_41CF20 command injection

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in …

dwr-m920_firmware dwr-m920 | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
3.3 LOW
CVE-2026-11338 — SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of t…

ship_ferry_ticket_reservation_system | Remote | Cross-Site Scripting
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
5.0 MEDIUM
CVE-2026-11337 — tittuvarghese CollegeManagementSystem fetch.php cross site scripting

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown func…

collegemanagementsystem | Remote | Cross-Site Scripting
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-5090 — Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial …

Remote | Denial of Service
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-5089 — Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain …

Remote | Denial of Service
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.7 HIGH
CVE-2025-5088 — Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on…

Remote | Authentication
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-9270 — DataDog::DogStatsd versions through 0.07 for Perl allow metric injections

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_s…

datadog\ | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-48102 — GHSL-2026-118: 7-Zip UDF Field OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-48101 — GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCa…

7-zip | Remote | Memory Corruption
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-11362 — DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour…

datadog\ | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-11336 — tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file …

collegemanagementsystem | Remote | Authorization
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
Showing 20 of 7452 Results