{"source":"cve","note":"Free 5-item preview. The full feed is $0.05/call at GET /v1/cve/changes.","question":"Which new CVE vulnerabilities were published since T, and how severe (CVSS) are they?","sample":[{"source":"cve","entityId":"cve:CVE-2026-10270","type":"cve_published","title":"CVE-2026-10270 (CVSS 7.4 HIGH)","summary":"A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.","significance":7,"detectedAt":"2026-07-14T22:21:12.704Z","effectiveDate":"2026-06-01T17:16:43.280","sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10270","detail":{"cvss":7.4,"severity":"HIGH","status":"Analyzed","published":"2026-06-01T17:16:43.280"}},{"source":"cve","entityId":"cve:CVE-2026-10269","type":"cve_published","title":"CVE-2026-10269 (CVSS 5.3 MEDIUM)","summary":"A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to version 0.4.1 is capable of addressing this issue. The identifier of the patch is 428e2c045cb9c0eb8080e8b580471a9c2eaa95ca. Upgrading the affected component is recommended.","significance":5,"detectedAt":"2026-07-14T22:21:12.704Z","effectiveDate":"2026-06-01T17:16:43.097","sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10269","detail":{"cvss":5.3,"severity":"MEDIUM","status":"Deferred","published":"2026-06-01T17:16:43.097"}},{"source":"cve","entityId":"cve:CVE-2026-10268","type":"cve_published","title":"CVE-2026-10268 (CVSS 1.9 LOW)","summary":"A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d9b1d711ea1fde52ac73a82088b512a3e17bad0d. A patch should be applied to remediate this issue.","significance":2,"detectedAt":"2026-07-14T22:21:12.704Z","effectiveDate":"2026-06-01T17:16:42.897","sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10268","detail":{"cvss":1.9,"severity":"LOW","status":"Deferred","published":"2026-06-01T17:16:42.897"}},{"source":"cve","entityId":"cve:CVE-2026-10118","type":"cve_published","title":"CVE-2026-10118 (CVSS 7.8 HIGH)","summary":"A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.","significance":8,"detectedAt":"2026-07-14T22:21:12.704Z","effectiveDate":"2026-06-01T17:16:39.500","sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-10118","detail":{"cvss":7.8,"severity":"HIGH","status":"Awaiting Analysis","published":"2026-06-01T17:16:39.500"}},{"source":"cve","entityId":"cve:CVE-2022-4991","type":"cve_published","title":"CVE-2022-4991 (CVSS 7.4 HIGH)","summary":"Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.","significance":7,"detectedAt":"2026-07-14T22:21:12.704Z","effectiveDate":"2026-06-01T17:16:23.143","sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-4991","detail":{"cvss":7.4,"severity":"HIGH","status":"Awaiting Analysis","published":"2026-06-01T17:16:23.143"}}]}