| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-55697 | imp | 0.42 | 7.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies | ||
| CVE-2026-55487 | imp | 0.42 | 7.5 | 0.00 | Jun 25, 2026 | pnpm: pnpm: Supply chain compromise via manipulated package source strings | ||
| CVE-2026-9705 | mod | 0.42 | 6.5 | 0.00 | Jun 25, 2026 | keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token | ||
| CVE-2026-9099 | — | imp | 0.50 | 7.7 | 0.00 | Jun 25, 2026 | keycloak: Group-Admin Escalation to Realm-Admin | |
| CVE-2026-9086 | imp | 0.47 | 7.3 | 0.00 | Jun 25, 2026 | keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass | ||
| CVE-2026-9083 | mod | 0.32 | 4.9 | 0.01 | Jun 25, 2026 | keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing | ||
| CVE-2026-57236 | — | imp | 0.46 | 8.2 | 0.00 | Jun 25, 2026 | nokogiri: Nokogiri: Denial of Service or Information Disclosure via invalid encoding handling | |
| CVE-2026-13324 | — | mod | 0.42 | 6.5 | — | Jun 25, 2026 | geary: geary: Silent file attachment via ?attach= parameter | |
| CVE-2026-12578 | — | hig | 0.51 | 7.8 | 0.00 | Jun 25, 2026 | The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. | |
| CVE-2026-12897 | hig | 0.51 | 7.8 | 0.00 | Jun 25, 2026 | Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. | ||
| CVE-2026-28701 | hig | 0.50 | 7.7 | 0.01 | Jun 25, 2026 | Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. | ||
| CVE-2026-31928 | — | hig | 0.53 | 8.1 | 0.01 | Jun 25, 2026 | The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access. | |
| CVE-2026-33560 | — | hig | 0.46 | 7.1 | 0.00 | Jun 25, 2026 | The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable… | |
| CVE-2026-55975 | hig | 0.47 | 7.2 | 0.01 | Jun 25, 2026 | A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may… | ||
| CVE-2026-56414 | — | hig | 0.47 | 7.2 | 0.00 | Jun 25, 2026 | A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of… | |
| CVE-2026-40702 | — | cri | 0.61 | 9.4 | 0.00 | Jun 25, 2026 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is… | |
| CVE-2026-44622 | — | med | 0.42 | 6.5 | 0.00 | Jun 25, 2026 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | |
| CVE-2026-50176 | — | hig | 0.49 | 7.5 | 0.00 | Jun 25, 2026 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access. | |
| CVE-2026-54479 | — | hig | 0.47 | 7.3 | 0.00 | Jun 25, 2026 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to… | |
| CVE-2026-13311 | mod | 0.35 | 6.5 | 0.00 | Jun 25, 2026 | shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing | ||
| CVE-2026-13235 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13236 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13237 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13238 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13239 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13240 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13241 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13242 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13243 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-13244 | — | 0.00 | — | 0.00 | Jun 25, 2026 | Mentioned in Drupal. See https://www.drupal.org/security for vendor details. | ||
| CVE-2026-57589 | 0.00 | — | 0.00 | Jun 25, 2026 | sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget(). | |||
| CVE-2026-9153 | 0.00 | — | 0.00 | Jun 25, 2026 | Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation. | |||
| CVE-2026-9154 | 0.00 | — | 0.00 | Jun 25, 2026 | Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter. | |||
| CVE-2026-9155 | 0.00 | — | 0.01 | Jun 25, 2026 | OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation. | |||
| CVE-2026-8659 | 0.00 | — | 0.01 | Jun 25, 2026 | OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation. | |||
| CVE-2026-13218 | mod | 0.27 | 4.2 | 0.00 | Jun 25, 2026 | kubevirt: kubevirt: symlink following in WriteToCachedFile allows host file overwrite from virt-launcher | ||
| CVE-2026-13318 | mod | 0.42 | 6.4 | 0.00 | Jun 25, 2026 | virt-api-rhel9: kubevirt: KubeVirt: SSRF in virt-api port-forward via unvalidated guest-agent-reported IP | ||
| CVE-2026-13322 | low | 0.25 | 3.8 | 0.00 | Jun 25, 2026 | kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ReadLine in virt-handler causes OOM denial of service | ||
| CVE-2026-53131 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: netfilter: require Ethernet MAC header before using eth_hdr() | ||
| CVE-2026-53133 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: RDMA/umem: Fix truncation for block sizes >= 4G | ||
| CVE-2026-53143 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 | ||
| CVE-2026-53148 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: thunderbolt: Clamp XDomain response data copy to allocation size | ||
| CVE-2026-53156 | — | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: nvmem: core: fix use-after-free bugs in error paths | |
| CVE-2026-53159 | — | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: misc: fastrpc: fix DMA address corruption due to find_vma misuse | ||
| CVE-2026-53161 | — | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context | ||
| CVE-2026-53171 | — | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: accel/ethosu: fix arithmetic issues in dma_length() | ||
| CVE-2026-53173 | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate() | |||
| CVE-2026-53176 | imp | 0.39 | 7.0 | 0.01 | Jun 25, 2026 | kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN | ||
| CVE-2026-53178 | — | mod | 0.19 | — | 0.00 | Jun 25, 2026 | kernel: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction | |
| CVE-2026-53184 | — | mod | 0.29 | 5.5 | 0.01 | Jun 25, 2026 | kernel: udp: clear skb->dev before running a sockmap verdict |
- risk 0.42cvss 7.5epss 0.00
pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies
- risk 0.42cvss 7.5epss 0.00
pnpm: pnpm: Supply chain compromise via manipulated package source strings
- risk 0.42cvss 6.5epss 0.00
keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token
- risk 0.50cvss 7.7epss 0.00
keycloak: Group-Admin Escalation to Realm-Admin
- risk 0.47cvss 7.3epss 0.00
keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass
- risk 0.32cvss 4.9epss 0.01
keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing
- risk 0.46cvss 8.2epss 0.00
nokogiri: Nokogiri: Denial of Service or Information Disclosure via invalid encoding handling
- risk 0.42cvss 6.5epss —
geary: geary: Silent file attachment via ?attach= parameter
- risk 0.51cvss 7.8epss 0.00
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
- risk 0.50cvss 7.7epss 0.01
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
- risk 0.53cvss 8.1epss 0.01
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
- risk 0.46cvss 7.1epss 0.00
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may…
- risk 0.47cvss 7.2epss 0.00
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of…
- risk 0.61cvss 9.4epss 0.00
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is…
- risk 0.42cvss 6.5epss 0.00
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
- risk 0.49cvss 7.5epss 0.00
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.
- risk 0.47cvss 7.3epss 0.00
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to…
- risk 0.35cvss 6.5epss 0.00
shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing
- CVE-2026-13235Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13236Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13237Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13238Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13239Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13240Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13241Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13242Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13243Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-13244Jun 25, 2026risk 0.00cvss —epss 0.00
Mentioned in Drupal. See https://www.drupal.org/security for vendor details.
- CVE-2026-57589Jun 25, 2026risk 0.00cvss —epss 0.00
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
- CVE-2026-9153Jun 25, 2026risk 0.00cvss —epss 0.00
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
- CVE-2026-9154Jun 25, 2026risk 0.00cvss —epss 0.00
Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
- CVE-2026-9155Jun 25, 2026risk 0.00cvss —epss 0.01
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
- CVE-2026-8659Jun 25, 2026risk 0.00cvss —epss 0.01
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.
- risk 0.27cvss 4.2epss 0.00
kubevirt: kubevirt: symlink following in WriteToCachedFile allows host file overwrite from virt-launcher
- risk 0.42cvss 6.4epss 0.00
virt-api-rhel9: kubevirt: KubeVirt: SSRF in virt-api port-forward via unvalidated guest-agent-reported IP
- risk 0.25cvss 3.8epss 0.00
kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ReadLine in virt-handler causes OOM denial of service
- risk 0.39cvss 7.0epss 0.00
kernel: netfilter: require Ethernet MAC header before using eth_hdr()
- risk 0.39cvss 7.0epss 0.00
kernel: RDMA/umem: Fix truncation for block sizes >= 4G
- risk 0.39cvss 7.0epss 0.00
kernel: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
- risk 0.39cvss 7.0epss 0.00
kernel: thunderbolt: Clamp XDomain response data copy to allocation size
- risk 0.29cvss 5.5epss 0.00
kernel: nvmem: core: fix use-after-free bugs in error paths
- CVE-2026-53159Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: misc: fastrpc: fix DMA address corruption due to find_vma misuse
- CVE-2026-53161Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context
- CVE-2026-53171Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: accel/ethosu: fix arithmetic issues in dma_length()
- CVE-2026-53173Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate()
- risk 0.39cvss 7.0epss 0.01
kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
- risk 0.19cvss —epss 0.00
kernel: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
- risk 0.29cvss 5.5epss 0.01
kernel: udp: clear skb->dev before running a sockmap verdict