Common Vulnerabilities and Exposures (CVE)

CVE-2026-45955

Jun 5, 2026 06:06:10 UTC

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout. When llbitmap_suspend_timeout() times out waiting for percpu_ref to become zero, it returns -ETIMEDOUT w...

CVE-2026-21825

Jun 5, 2026 06:03:11 UTC

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

CVE-2026-21826

Jun 5, 2026 05:58:31 UTC

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

CVE-2026-21837

Jun 5, 2026 05:50:58 UTC

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application...

CVE-2026-10732

Jun 5, 2026 05:00:02 UTC

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and t...

CVE-2025-62338

Jun 5, 2026 04:44:15 UTC

HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.

CVE-2025-71316

Jun 5, 2026 03:55:52 UTC

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string...

CVE-2026-3820

Jun 5, 2026 03:55:50 UTC

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the under...

CVE-2026-8037

Jun 5, 2026 03:55:49 UTC

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpo...

CVE-2026-50592

Jun 5, 2026 02:22:54 UTC

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view).

CVE-2026-50591

Jun 5, 2026 02:21:03 UTC

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.

CVE-2026-50593

Jun 5, 2026 02:20:17 UTC

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

CVE-2026-37700

Jun 5, 2026 02:05:36 UTC

Cross-site scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page.

CVE-2026-36603

Jun 5, 2026 02:04:20 UTC

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface...

CVE-2026-36602

Jun 5, 2026 02:03:28 UTC

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kern...