Total
11427 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26702 | 1 Zte | 1 Goldendb | 2026-06-17 | N/A | 4.9 MEDIUM |
| Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | |||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 8.8 HIGH |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26489 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-26488 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||
| CVE-2025-26477 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-06-17 | N/A | 4.3 MEDIUM |
| Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to code execution. | |||||
| CVE-2025-26474 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios. | |||||
| CVE-2025-26429 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26426 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.1 MEDIUM |
| In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26413 | 1 Apache | 1 Kvrocks | 2026-06-17 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check whether the `offset` input is a positive integer and used it as an index into a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | |||||
| CVE-2025-26358 | 1 Q-free | 1 Maxtime | 2026-06-17 | N/A | 5.5 MEDIUM |
| A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests. | |||||
| CVE-2025-25216 | | | 2026-06-17 | N/A | 3.3 LOW |
| Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-25212 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input. | |||||
| CVE-2025-25210 | | | 2026-06-17 | N/A | 8.2 HIGH |
| Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-25005 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||||
| CVE-2025-24970 | 2 Netapp, Netty | 3 Active Iq Unified Manager, Oncommand Insight, Netty | 2026-06-17 | N/A | 7.5 HIGH |
| Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash. Version 4.1.118.Final contains a patch. As a workaround, it's possible to either disable the usage of the native SSLEngine or change the code manually. | |||||
| CVE-2025-24882 | | | 2026-06-17 | N/A | 5.2 MEDIUM |
| regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1. | |||||
| CVE-2025-24847 | 1 Intel | 1 Computing Improvement Program | 2026-06-17 | N/A | 4.5 MEDIUM |
| Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-24785 | 1 Combodo | 1 Itop | 2026-06-17 | N/A | 4.3 MEDIUM |
| iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the dashboard. | |||||
| CVE-2025-24514 | | | 2026-06-17 | N/A | 8.8 HIGH |
| A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2025-24513 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. | |||||
