The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-48917 - Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
    Published: May 27, 2026; 11:16:31 AM -0400

  • CVE-2026-48916 - Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
    Published: May 27, 2026; 11:16:31 AM -0400

  • CVE-2026-3091 - An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same d...
    Published: February 23, 2026; 10:16:03 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2025-66593 - An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
    Published: May 27, 2026; 5:16:27 AM -0400

    V3.1: 5.6 MEDIUM

  • CVE-2025-66592 - An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
    Published: May 27, 2026; 5:16:27 AM -0400

    V3.1: 5.6 MEDIUM

  • CVE-2025-13593 - Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
    Published: May 27, 2026; 5:16:26 AM -0400

    V3.1: 5.6 MEDIUM

  • CVE-2026-34072 - Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie...
    Published: April 01, 2026; 2:16:29 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-5516 - IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.
    Published: May 27, 2026; 10:17:34 AM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2026-0061 - In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. Use...
    Published: June 01, 2026; 6:16:21 PM -0400

  • CVE-2026-0070 - In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User i...
    Published: June 01, 2026; 6:16:21 PM -0400

  • CVE-2026-0074 - In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed fo...
    Published: June 01, 2026; 6:16:21 PM -0400

  • CVE-2026-0077 - In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User ...
    Published: June 01, 2026; 6:16:21 PM -0400

  • CVE-2026-7254 - IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
    Published: May 27, 2026; 10:17:35 AM -0400

  • CVE-2026-7365 - IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentic...
    Published: May 27, 2026; 10:17:35 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-59610 - Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
    Published: June 01, 2026; 7:16:16 PM -0400

    V3.1: 6.4 MEDIUM

  • CVE-2025-59611 - Memory corruption in diagnostic services due to absence of input validation
    Published: June 01, 2026; 7:16:16 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2025-59612 - Memory corruption in windows drivers while sending incorrect trusted application request
    Published: June 01, 2026; 7:16:16 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2025-59613 - Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
    Published: June 01, 2026; 7:16:16 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2025-59614 - Memory Corruption when sending random number generator command with insufficient output buffer size.
    Published: June 01, 2026; 7:16:16 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2026-24085 - Memory Corruption when processing display command line information due to improper initialization of a variable.
    Published: June 01, 2026; 7:16:19 PM -0400

    V3.1: 7.2 HIGH

Created September 20, 2022, Updated August 27, 2024