Common Vulnerabilities and Exposures (CVE)

CVE-2026-57028

Jul 10, 2026 14:37:21 UTC

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a...

CVE-2026-57031

Jul 10, 2026 14:37:16 UTC

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices w...

CVE-2026-12123

Jul 10, 2026 14:35:37 UTC

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level ac...

CVE-2026-21045

Jul 10, 2026 14:34:52 UTC

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.

CVE-2026-57032

Jul 10, 2026 14:34:50 UTC

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If ...

CVE-2026-57054

Jul 10, 2026 14:34:09 UTC

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources th...

CVE-2026-57027

Jul 10, 2026 14:33:33 UTC

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (Do...

CVE-2026-21044

Jul 10, 2026 14:33:24 UTC

Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.

CVE-2026-57026

Jul 10, 2026 14:33:07 UTC

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)...

CVE-2026-46413

Jul 10, 2026 14:32:39 UTC

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in ve...

CVE-2026-44918

Jul 10, 2026 14:31:59 UTC

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.

CVE-2026-57024

Jul 10, 2026 14:31:54 UTC

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). ...

CVE-2026-21041

Jul 10, 2026 14:31:30 UTC

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.

CVE-2026-57022

Jul 10, 2026 14:31:13 UTC

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-S...

CVE-2026-21040

Jul 10, 2026 14:30:55 UTC

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.