Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.3 HIGH
CVE-2026-50033 — Acronis DeviceLock DLP DLL Hijacking Privilege Escalation

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

Misconfiguration
Jun 03, 2026
7.3 HIGH
CVE-2026-44682 — Acronis DeviceLock DLP DLL Hijacking Local Privilege Escalation

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

Misconfiguration
Jun 03, 2026
7.3 HIGH
CVE-2026-44609 — Acronis DeviceLock DLP Privilege Escalation via EXE Hijacking

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

Misconfiguration
Jun 03, 2026
4.8 MEDIUM
CVE-2026-43924 — FOSSBilling has an open redirect via administrator-configured redirect targets

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs befo…

Remote | Misconfiguration
Jun 03, 2026
7.3 HIGH
CVE-2026-42061 — Acronis DeviceLock DLP Privilege Escalation

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

Authorization
Jun 03, 2026
6.9 MEDIUM
CVE-2026-40495 — FOSSBilling version exposed via asset cache buster

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hid…

Remote | Information Disclosure
Jun 03, 2026
0.0 NA
CVE-2026-37700 — MaxSite CMS Cross-Site Scripting

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page

Cross-Site Scripting
Jun 03, 2026
0.0 NA
CVE-2026-26825 — libxls Use-After-Free

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi…

Memory Corruption
Jun 03, 2026
0.0 NA
CVE-2026-26824 — libxls: Use of Uninitialized Memory in OLE Container Parser

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…

Memory Corruption
Jun 03, 2026
3.6 LOW
CVE-2026-10766 — mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Han…

Cryptography
Jun 03, 2026
0.0 NA
CVE-2026-8889 — CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

Cryptography
Jun 03, 2026
0.0 NA
CVE-2026-8888 — CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…

Denial of Service
Jun 03, 2026
0.0 NA
CVE-2026-8881 — CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …

Cryptography
Jun 03, 2026
0.0 NA
CVE-2026-8879 — CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…

Misconfiguration
Jun 03, 2026
0.0 NA
CVE-2026-8878 — CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…

Information Disclosure
Jun 03, 2026
0.0 NA
CVE-2026-8876 — CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

Cryptography
Jun 03, 2026
0.0 NA
CVE-2026-8874 — CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …

Misconfiguration
Jun 03, 2026
8.4 HIGH
CVE-2026-7888 — Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in…

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticat…

Injection
Jun 03, 2026
4.4 MEDIUM
CVE-2026-45702 — OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior t…

Memory Corruption
Jun 03, 2026
4.7 MEDIUM
CVE-2026-45614 — OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of t…

Cryptography
Jun 03, 2026
Showing 20 of 7137 Results