Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-9154 — Arbitrary File Write in Rapid7 InsightConnect Sed Plugin

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression paramete…

linux_kernel sed | Remote | Path Traversal
Jun 25, 2026 Jun 27, 2026
Jun 25, 2026
Jun 27, 2026
6.5 MEDIUM
CVE-2026-9153 — Arbitrary File Read in Rapid7 InsightConnect Sed Plugin

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

linux_kernel sed | Remote | Path Traversal
Jun 25, 2026 Jun 27, 2026
Jun 25, 2026
Jun 27, 2026
7.4 HIGH
CVE-2026-57589 — OpenBSD Use-After-Free Privilege Escalation

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

openbsd | Memory Corruption
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9787 — Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetV…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9786 — Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9785 — Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVau…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9784 — Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVau…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9783 — Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Net…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9782 — Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVau…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9781 — Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-9780 — Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVa…

netvault_backup | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-8663 — OS Command Injection in Rapid7 InsightConnect RPM Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficie…

linux_kernel insightconnect_rpm | Remote | Injection
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
8.8 HIGH
CVE-2026-8659 — OS Command Injection in Rapid7 InsightConnect SQLmap Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during conne…

linux_kernel insightconnect_sqlmap | Remote | Injection
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
8.8 HIGH
CVE-2026-7570 — Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault…

netvault_backup | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-7569 — Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVa…

netvault_backup | Authentication
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-40079 — Cacti: Command Injection via escape_command() no-op in RRDtool execution

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The esc…

cacti | Remote | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-39951 — Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue ha…

cacti | Remote | Injection
Jun 25, 2026 Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
5.5 MEDIUM
CVE-2025-60473 — GPAC MP4Box NULL Pointer Dereference Denial of Service

A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…

gpac | Memory Corruption
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
5.0 MEDIUM
CVE-2025-60466 — GPAC Project/MP4Box Use-After-Free Denial of Service

A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…

gpac | Memory Corruption
Jun 25, 2026 Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
9.8 CRITICAL
CVE-2026-39955 — Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in grap…

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue…

cacti | Remote | Injection
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
Showing 20 of 7983 Results