Tue, Apr 07 · 10:16 PM CDTCVE-2026-34078
10.0/10 · Must read/watchNVDvuln
Summary
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and c
CVECVE-2026-34078
SeverityCRITICAL
TypeUPDATED
PublishedTue, Apr 07 · 10:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-46595
10.0/10 · Must read/watchNVDvuln
Summary
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
CVECVE-2026-46595
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 06 · 01:17 PM CDT
Fri, Nov 05 · 10:15 AM CDTCVE-2021-42237
9.8/10 · Must read/watchNVDvuln
Summary
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVECVE-2021-42237
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 05 · 10:15 AM CDT
ModifiedMon, Jul 06 · 12:39 PM CDT
Mon, Mar 28 · 12:15 AM CDTCVE-2022-26258
9.8/10 · Must read/watchNVDvuln
Summary
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
CVECVE-2022-26258
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 28 · 12:15 AM CDT
ModifiedMon, Jul 06 · 12:39 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67038
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected
CVECVE-2025-67038
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedMon, Jul 06 · 12:39 PM CDT
Mon, Mar 09 · 07:16 AM CDTCVE-2026-3823
9.8/10 · Must read/watchNVDvuln
Summary
EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
CVECVE-2026-3823
SeverityCRITICAL
TypeUPDATED
PublishedMon, Mar 09 · 07:16 AM CDT
ModifiedTue, Jul 07 · 08:16 AM CDT
Wed, May 06 · 12:16 PM CDTCVE-2026-43125
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation
CVECVE-2026-43125
SeverityCRITICAL
TypeUPDATED
PublishedWed, May 06 · 12:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Wed, May 06 · 12:16 PM CDTCVE-2026-43198
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use
CVECVE-2026-43198
SeverityCRITICAL
TypeUPDATED
PublishedWed, May 06 · 12:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Fri, Jun 12 · 06:16 PM CDTCVE-2026-44172
9.8/10 · Must read/watchNVDvuln
Summary
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_r
CVECVE-2026-44172
SeverityCRITICAL
TypeUPDATED
PublishedFri, Jun 12 · 06:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52955
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an out-of-bounds acc
CVECVE-2026-52955
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedMon, Jul 06 · 01:17 PM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-53006
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6_rcv() Caching saddr and daddr before pskb_pull() is problematic since skb->head can change. Remove these temporary variables: - We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() i
CVECVE-2026-53006
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedMon, Jul 06 · 01:17 PM CDT
Thu, Jun 25 · 09:16 AM CDTCVE-2026-53151
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the packet would probably have to be deliberat
CVECVE-2026-53151
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jun 25 · 09:16 AM CDT
ModifiedMon, Jul 06 · 05:43 PM CDT
Fri, May 22 · 04:16 PM CDTCVE-2026-39821
9.6/10 · Must read/watchNVDvuln
Summary
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a
CVECVE-2026-39821
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Thu, Jun 25 · 09:16 AM CDTCVE-2026-53131
9.4/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using eth_hdr() `ip6t_eui64`, `xt_mac`, the `bitmap:ip,mac`, `hash:ip,mac`, and `hash:mac` ipset types, and `nf_log_syslog` access `eth_hdr(skb)` after either assuming that the skb is associated with an Eth
CVECVE-2026-53131
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jun 25 · 09:16 AM CDT
ModifiedMon, Jul 06 · 03:24 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39830
9.1/10 · Must read/watchNVDvuln
Summary
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVECVE-2026-39830
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39832
9.1/10 · Must read/watchNVDvuln
Summary
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. A
CVECVE-2026-39832
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-42508
9.1/10 · Must read/watchNVDvuln
Summary
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVECVE-2026-42508
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Mon, Feb 15 · 01:15 PM CSTCVE-2021-25296
8.8/10 · Worth your timeNVDvuln
Summary
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the N
CVECVE-2021-25296
SeverityHIGH
TypeUPDATED
PublishedMon, Feb 15 · 01:15 PM CST
ModifiedMon, Jul 06 · 12:40 PM CDT
Mon, Feb 15 · 01:15 PM CSTCVE-2021-25297
8.8/10 · Worth your timeNVDvuln
Summary
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI
CVECVE-2021-25297
SeverityHIGH
TypeUPDATED
PublishedMon, Feb 15 · 01:15 PM CST
ModifiedMon, Jul 06 · 12:40 PM CDT
Mon, Feb 15 · 01:15 PM CSTCVE-2021-25298
8.8/10 · Worth your timeNVDvuln
Summary
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagio
CVECVE-2021-25298
SeverityHIGH
TypeUPDATED
PublishedMon, Feb 15 · 01:15 PM CST
ModifiedMon, Jul 06 · 12:40 PM CDT
Thu, Apr 02 · 02:16 PM CDTCVE-2026-3692
8.8/10 · Worth your timeNVDvuln
Summary
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
CVECVE-2026-3692
SeverityHIGH
TypeUPDATED
PublishedThu, Apr 02 · 02:16 PM CDT
ModifiedMon, Jul 06 · 06:42 PM CDT
Wed, May 13 · 04:16 PM CDTCVE-2026-42266
8.8/10 · Worth your timeNVDvuln
Summary
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manage
CVECVE-2026-42266
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 04:16 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-45447
8.8/10 · Worth your timeNVDvuln
Summary
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedD
CVECVE-2026-45447
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedMon, Jul 06 · 01:16 PM CDT
Thu, May 14 · 02:16 PM CDTCVE-2026-6473
8.8/10 · Worth your timeNVDvuln
Summary
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant d
CVECVE-2026-6473
SeverityHIGH
TypeUPDATED
PublishedThu, May 14 · 02:16 PM CDT
ModifiedMon, Jul 06 · 01:17 PM CDT
Thu, May 14 · 02:16 PM CDTCVE-2026-6477
8.8/10 · Worth your timeNVDvuln
Summary
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length
CVECVE-2026-6477
SeverityHIGH
TypeUPDATED
PublishedThu, May 14 · 02:16 PM CDT
ModifiedMon, Jul 06 · 01:17 PM CDT