) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-53469 - A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer d... read CVE-2026-53469
Published: June 10, 2026; 11:16:41 AM -0400V3.1: 8.1 HIGH
-
CVE-2026-10846 - NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither... read CVE-2026-10846
Published: June 10, 2026; 3:16:24 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-48907 - A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
Published: June 05, 2026; 4:16:30 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-12328 - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have ... read CVE-2026-12328
Published: June 16, 2026; 9:16:33 AM -0400 -
CVE-2026-12329 - Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
Published: June 16, 2026; 9:16:33 AM -0400 -
CVE-2026-12330 - Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.
Published: June 16, 2026; 9:16:33 AM -0400 -
CVE-2026-10635 - On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded inside the caller-owned struct k_mem_d... read CVE-2026-10635
Published: June 16, 2026; 2:16:57 AM -0400V3.1: 6.3 MEDIUM
-
CVE-2026-11414 - A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid... read CVE-2026-11414
Published: June 05, 2026; 4:17:29 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-11419 - A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path ... read CVE-2026-11419
Published: June 05, 2026; 4:17:29 PM -0400V3.1: 8.8 HIGH
-
CVE-2026-11420 - Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archi... read CVE-2026-11420
Published: June 05, 2026; 4:17:29 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-12313 - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Published: June 16, 2026; 9:16:31 AM -0400 -
CVE-2026-12311 - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Published: June 16, 2026; 9:16:31 AM -0400 -
CVE-2026-12303 - Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:30 AM -0400 -
CVE-2026-12323 - Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:33 AM -0400 -
CVE-2026-12322 - Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:32 AM -0400 -
CVE-2026-12321 - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:32 AM -0400 -
CVE-2026-12320 - Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:32 AM -0400 -
CVE-2026-12319 - Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Published: June 16, 2026; 9:16:32 AM -0400 -
CVE-2026-24228 - NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and informatio... read CVE-2026-24228
Published: June 16, 2026; 1:16:39 PM -0400 -
CVE-2026-24155 - NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Published: June 16, 2026; 1:16:39 PM -0400