| CVE | Description | Date | Score |
|---|---|---|---|
| CVE-2026-12844 | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function | 25.06.2026 | |
| CVE-2026-48940 | Joomla Extension - getk2.com - Stored-XSS in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48941 | Joomla Extension - getk2.com - Unauthenticated folder delete in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48942 | Joomla Extension - getk2.com - Stored-XSS in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48943 | Joomla Extension - getk2.com - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48944 | Joomla Extension - getk2.com - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48945 | Joomla Extension - getk2.com - Privileged RCE vulnerability in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-48946 | Joomla Extension - getk2.com - Privileged RCE vulnerability in K2 extension for Joomla < 2.26 | 25.06.2026 | |
| CVE-2026-4522 | | 25.06.2026 | |
| CVE-2026-54036 | LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification | 25.06.2026 | 5.3 |
| CVE-2026-55477 | Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation | 25.06.2026 | 7.2 |
| CVE-2026-55693 | Vim: Out-of-bounds Write in Spell File Word Count | 25.06.2026 | |
| CVE-2026-55892 | Vim: Out-of-bounds Write in Spell File Prefix Dump | 25.06.2026 | 5.5 |
| CVE-2026-55895 | Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename | 25.06.2026 | |
| CVE-2026-57438 | Nokogiri: Possible Use-After-Free in XInclude Processing | 25.06.2026 | |
| CVE-2026-57451 | Vim: Out-of-bounds Read in Text Property Count | 25.06.2026 | 5.3 |
| CVE-2026-57452 | Vim: Out-of-bounds Read with libsodium-encrypted Files | 25.06.2026 | 5.5 |
| CVE-2026-57453 | Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction | 25.06.2026 | 6.5 |
| CVE-2026-57454 | Vim: Out-of-bounds Read with Text Properties | 25.06.2026 | |
| CVE-2026-57455 | Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument | 25.06.2026 | |
| CVE-2026-57456 | Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings | 25.06.2026 | |
| CVE-2026-9650 | | 25.06.2026 | |
| CVE-2026-9651 | | 25.06.2026 | |
| CVE-2026-9716 | | 25.06.2026 | |
| CVE-2026-9717 | | 25.06.2026 | |
| CVE-2026-9718 | | 25.06.2026 | |
| CVE-2026-13222 | Insufficient validation of payment status in pretix-oppwa | 25.06.2026 | |
| CVE-2026-13223 | Insufficient validation of payment status in pretix-computop | 25.06.2026 | |
| CVE-2026-13225 | Stored XSS in ticket confirmation page | 25.06.2026 | |
| CVE-2026-13314 | Stored XSS in pretix-digital | 25.06.2026 | |
| CVE-2026-46735 | | 25.06.2026 | 7.8 |
| CVE-2026-49319 | Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack | 25.06.2026 | 6.5 |
| CVE-2026-57234 | Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247 | 25.06.2026 | 2.6 |
| CVE-2026-57235 | Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]` | 25.06.2026 | |
| CVE-2026-57236 | Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception | 25.06.2026 | |
| CVE-2026-57434 | Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes | 25.06.2026 | |
| CVE-2026-57435 | Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=` | 25.06.2026 | |
| CVE-2026-57436 | Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type | 25.06.2026 | |
| CVE-2026-57437 | Nokogiri: Possible Use-After-Free when directly using `Nokogiri::XML::XPathContext` beyond document lifetime | 25.06.2026 | |
| CVE-2026-57532 | | 25.06.2026 | |
| CVE-2026-57533 | | 25.06.2026 | |
| CVE-2026-57534 | Stored XSS in pretix-pages | 25.06.2026 | |
| CVE-2026-57535 | | 25.06.2026 | |
| CVE-2026-57536 | Insufficient validation of payment status in pretix-mollie | 25.06.2026 | |
| CVE-2026-57587 | SQL Injection in Nessus via Reverse DNS Lookup | 25.06.2026 | 5.3 |
| CVE-2026-57588 | SQL Injection in Nessus via Malicious Scan Result File Import | 25.06.2026 | 3.3 |
| CVE-2026-6432 | Improper bounds validation in EmberZNet SDK | 25.06.2026 | |
| CVE-2026-12755 | | 25.06.2026 | |
| CVE-2026-27366 | WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-2815 | Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys | 25.06.2026 | |
| CVE-2026-40012 | Information about ECS zero scoped answers might leak to clients that use a specific ECS | 25.06.2026 | 5.3 |
| CVE-2026-41120 | | 25.06.2026 | 9.8 |
| CVE-2026-42387 | Insufficient input validation in ZoneToCache | 25.06.2026 | 5.9 |
| CVE-2026-42388 | Missing input validation for catalog zones | 25.06.2026 | 5.9 |
| CVE-2026-42389 | Reject more queries with invalid header values | 25.06.2026 | 5.3 |
| CVE-2026-42390 | ZONEMD validation can be bypassed | 25.06.2026 | 5.3 |
| CVE-2026-46732 | | 25.06.2026 | 6.7 |
| CVE-2026-46733 | | 25.06.2026 | 7.8 |
| CVE-2026-46734 | | 25.06.2026 | 7.3 |
| CVE-2026-47145 | Color Control hue/saturation assertion abort in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47146 | Color Control color-temperature assertion abort in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47147 | OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47148 | Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47149 | Door Lock GetUserType invalid table index in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47150 | IAS Zone enroll invalid table index and write in EmberZNet 9.0.2 | 25.06.2026 | |
| CVE-2026-47151 | Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47152 | Level Control Move divide-by-zero in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47153 | Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-47154 | Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-49506 | | 25.06.2026 | 7.2 |
| CVE-2026-4526 | Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2 | 25.06.2026 | |
| CVE-2026-52690 | Spoofed answers can mark an authoritative non-EDNS capable | 25.06.2026 | 5.9 |
| CVE-2026-54821 | WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability | 25.06.2026 | 7.4 |
| CVE-2026-54822 | WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability | 25.06.2026 | 8.5 |
| CVE-2026-54823 | WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability | 25.06.2026 | 9.9 |
| CVE-2026-54828 | WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-54829 | WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-54830 | WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-54836 | WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-54838 | WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability | 25.06.2026 | 8.5 |
| CVE-2026-54841 | WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-54842 | WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability | 25.06.2026 | 8.1 |
| CVE-2026-54843 | WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-54844 | WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability | 25.06.2026 | 7.5 |
| CVE-2026-54845 | WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability | 25.06.2026 | 8.1 |
| CVE-2026-54848 | WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability | 25.06.2026 | 8.3 |
| CVE-2026-54849 | WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-56005 | WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56006 | WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56013 | WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability | 25.06.2026 | 6.5 |
| CVE-2026-56014 | WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56023 | WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability | 25.06.2026 | 5.4 |
| CVE-2026-56042 | WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56049 | WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability | 25.06.2026 | 8.5 |
| CVE-2026-56050 | WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability | 25.06.2026 | 6.5 |
| CVE-2026-56051 | WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56053 | WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability | 25.06.2026 | 8.8 |
| CVE-2026-56054 | WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability | 25.06.2026 | 7.7 |
| CVE-2026-56071 | WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability | 25.06.2026 | 7.1 |
| CVE-2026-56122 | Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths | 25.06.2026 | |
| CVE-2026-57429 | WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability | 25.06.2026 | 6.5 |
| CVE-2026-57619 | WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability | 25.06.2026 | 6.5 |
| CVE-2026-33612 | ZoneToCache can poison the cache | 25.06.2026 | 7.5 |
| CVE-2026-40011 | Prometheus denial of service via crafted DNS queries | 25.06.2026 | 3.7 |
| CVE-2026-40208 | Denial of service via DoH3 queries | 25.06.2026 | 3.7 |
| CVE-2026-40209 | Denial of service via IXFR queries | 25.06.2026 | 5.3 |
| CVE-2026-40210 | Out-of-bounds read in SetMacAddrAction | 25.06.2026 | 4.8 |
| CVE-2026-40211 | Denial of service via crafted DoH3 queries | 25.06.2026 | 5.3 |
| CVE-2026-42004 | EDNS options smuggling | 25.06.2026 | 3.7 |
| CVE-2026-42005 | Insufficient input validation of internal web server | 25.06.2026 | 4.3 |
| CVE-2026-41566 | Apache Kvrocks: Improper permission for the APPLYBATCH command | 25.06.2026 | |
| CVE-2026-45188 | Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling | 25.06.2026 | |
| CVE-2026-46751 | Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service. | 25.06.2026 | |
| CVE-2026-46752 | Apache Kvrocks: Stack buffer overflow in Lua bit.tohex() | 25.06.2026 | |
| CVE-2026-53131 | netfilter: require Ethernet MAC header before using eth_hdr() | 25.06.2026 | |
| CVE-2026-53132 | vsock/virtio: fix potential unbounded skb queue | 25.06.2026 | |
| CVE-2026-53133 | RDMA/umem: Fix truncation for block sizes >= 4G | 25.06.2026 | |
| CVE-2026-53134 | netfilter: nft_fib: fix stale stack leak via the OIFNAME register | 25.06.2026 | |
| CVE-2026-53135 | drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs | 25.06.2026 | |
| CVE-2026-53136 | drm/amd/display: Clamp VBIOS HDMI retimer register count to array size | 25.06.2026 | |
| CVE-2026-53137 | drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size | 25.06.2026 | |
| CVE-2026-53138 | drm/amd/display: Bound VBIOS record-chain walk loops | 25.06.2026 | |
| CVE-2026-53139 | drm/v3d: Skip CSD when it has zeroed workgroups | 25.06.2026 | |
| CVE-2026-53140 | drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups | 25.06.2026 | |
| CVE-2026-53141 | drm/v3d: Fix global performance monitor reference counting | 25.06.2026 | |
| CVE-2026-53142 | drm/xe/display: fix oops in suspend/shutdown without display | 25.06.2026 | |
| CVE-2026-53143 | drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 | 25.06.2026 | |
| CVE-2026-53144 | drm/amdkfd: fix NULL dereference in get_queue_ids() | 25.06.2026 | |
| CVE-2026-53145 | drm/gem: Try to fix change_handle ioctl, attempt 4 | 25.06.2026 | |
| CVE-2026-53146 | thunderbolt: Limit XDomain response copy to actual frame size | 25.06.2026 | |
| CVE-2026-53147 | thunderbolt: Validate XDomain request packet size before type cast | 25.06.2026 | |
| CVE-2026-53148 | thunderbolt: Clamp XDomain response data copy to allocation size | 25.06.2026 | |
| CVE-2026-53149 | thunderbolt: Bound root directory content to block size | 25.06.2026 | |
| CVE-2026-53150 | thunderbolt: Reject zero-length property entries in validator | 25.06.2026 | |
| CVE-2026-53151 | rxrpc: Fix the ACK parser to extract the SACK table for parsing | 25.06.2026 | |
| CVE-2026-53152 | mmc: dw_mmc-rockchip: Add missing private data for very old controllers | 25.06.2026 | |
| CVE-2026-53153 | mm/list_lru: drain before clearing xarray entry on reparent | 25.06.2026 | |
| CVE-2026-53154 | mm/hugetlb: restore reservation on error in hugetlb folio copy paths | 25.06.2026 | |
| CVE-2026-53155 | mm/huge_memory: use correct flags for device private PMD entry | 25.06.2026 | |
| CVE-2026-53156 | nvmem: core: fix use-after-free bugs in error paths | 25.06.2026 | |
| CVE-2026-53157 | net: phonet: free phonet_device after RCU grace period | 25.06.2026 | |
| CVE-2026-53158 | misc: fastrpc: Fix NULL pointer dereference in rpmsg callback | 25.06.2026 | |
| CVE-2026-53159 | misc: fastrpc: fix DMA address corruption due to find_vma misuse | 25.06.2026 | |
| CVE-2026-53160 | misc: fastrpc: fix use-after-free race in fastrpc_map_create | 25.06.2026 | |
| CVE-2026-53161 | misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context | 25.06.2026 | |
| CVE-2026-53162 | memcg: use round-robin victim selection in refill_stock | 25.06.2026 | |
| CVE-2026-53163 | locking/rtmutex: Skip remove_waiter() when waiter is not enqueued | 25.06.2026 | |
| CVE-2026-53164 | iommu/dma: Do not try to iommu_map a 0 length region in swiotlb | 25.06.2026 | |
| CVE-2026-53165 | iomap: avoid potential null folio->mapping deref during error reporting | 25.06.2026 | |
| CVE-2026-53166 | futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock | 25.06.2026 | |
| CVE-2026-53167 | fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios | 25.06.2026 | |
| CVE-2026-53168 | fuse: reject fuse_notify() pagecache ops on directories | 25.06.2026 | |
| CVE-2026-53169 | accel/ethosu: reject NPU_OP_RESIZE commands from userspace | 25.06.2026 | |
| CVE-2026-53170 | accel/ethosu: reject DMA commands with uninitialized length | 25.06.2026 | |
| CVE-2026-53171 | accel/ethosu: fix arithmetic issues in dma_length() | 25.06.2026 | |
| CVE-2026-53172 | accel/ethosu: fix IFM region index out-of-bounds in command stream parser | 25.06.2026 | |
| CVE-2026-53173 | accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate() | 25.06.2026 | |
| CVE-2026-53174 | ovl: keep err zero after successful ovl_cache_get() | 25.06.2026 | |
| CVE-2026-53175 | inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush | 25.06.2026 | |
| CVE-2026-53176 | IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN | 25.06.2026 | |
| CVE-2026-53177 | bnxt_en: Fix NULL pointer dereference | 25.06.2026 | |
| CVE-2026-53178 | staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction | 25.06.2026 | |
| CVE-2026-53179 | staging: rtl8723bs: fix buffer over-read in rtw_update_protection | 25.06.2026 | |
| CVE-2026-53180 | timers/migration: Fix livelock in tmigr_handle_remote_up() | 25.06.2026 | |
| CVE-2026-53181 | vsock/vmci: fix sk_ack_backlog leak on failed handshake | 25.06.2026 | |
| CVE-2026-53182 | wifi: nl80211: reject oversized EMA RNR lists | 25.06.2026 | |
| CVE-2026-53183 | mptcp: allow subflow rcv wnd to shrink | 25.06.2026 | |
| CVE-2026-53184 | udp: clear skb->dev before running a sockmap verdict | 25.06.2026 | |
| CVE-2026-53185 | zram: fix use-after-free in zram_bvec_write_partial() | 25.06.2026 | |
| CVE-2026-53186 | RDMA/srp: bound SRP_RSP sense copy by the received length | 25.06.2026 | |
| CVE-2026-53187 | RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc | 25.06.2026 | |
| CVE-2026-53188 | RDMA/core: Validate the passed in fops for ib_get_ucaps() | 25.06.2026 | |
| CVE-2026-53189 | mm/huge_memory: update file PMD counter before folio_put() | 25.06.2026 | |
| CVE-2026-53190 | drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() | 25.06.2026 | |
| CVE-2026-53191 | io_uring/net: inherit IORING_CQE_F_BUF_MORE across bundle recv retries | 25.06.2026 | |
| CVE-2026-53192 | ALSA: timer: Fix UAF at snd_timer_user_params() | 25.06.2026 | |
| CVE-2026-53193 | ALSA: timer: Forcibly close timer instances at closing | 25.06.2026 | |
| CVE-2026-53194 | USB: serial: kl5kusb105: fix bulk-out buffer overflow | 25.06.2026 | |
| CVE-2026-53195 | USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() | 25.06.2026 | |
| CVE-2026-53196 | USB: serial: io_ti: fix heap overflow in get_manuf_info() | 25.06.2026 | |
| CVE-2026-53197 | xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state() | 25.06.2026 | |
| CVE-2026-53198 | ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL | 25.06.2026 | |
| CVE-2026-53199 | hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf | 25.06.2026 | |
| CVE-2026-53200 | KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX | 25.06.2026 | |
| CVE-2026-53201 | Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" | 25.06.2026 | |
| CVE-2026-53202 | accel/ivpu: Fix signed integer truncation in IPC receive | 25.06.2026 | |
| CVE-2026-53203 | accel/ivpu: Add buffer overflow check in MS get_info_ioctl | 25.06.2026 | |
| CVE-2026-53204 | firmware: stratix10-rsu: Fix NULL deref on rsu_send_msg() timeout in probe | 25.06.2026 | |
| CVE-2026-53205 | accel/ivpu: Add bounds checks for firmware log indices | 25.06.2026 | |
| CVE-2026-53206 | accel/ivpu: Add bounds check for firmware runtime memory | 25.06.2026 | |
| CVE-2026-53207 | mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison | 25.06.2026 | |
| CVE-2026-53208 | Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig | 25.06.2026 | |
| CVE-2026-53209 | Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend | 25.06.2026 | |
| CVE-2026-53210 | tee: shm: fix shm leak in register_shm_helper() | 25.06.2026 | |
| CVE-2026-53211 | netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register | 25.06.2026 | |
| CVE-2026-53212 | netfilter: nft_tunnel: fix use-after-free on object destroy | 25.06.2026 | |
| CVE-2026-53213 | drm/vc4: fix krealloc() memory leak | 25.06.2026 | |
| CVE-2026-53214 | ipv6: Fix a potential NPD in cleanup_prefix_route() | 25.06.2026 | |
| CVE-2026-53215 | net: mvpp2: refill RX buffers before XDP or skb use | 25.06.2026 | |
| CVE-2026-53216 | net: mvpp2: limit XDP frame size to the RX buffer | 25.06.2026 | |
| CVE-2026-53217 | net: mvpp2: sync RX data at the hardware packet offset | 25.06.2026 | |
| CVE-2026-53218 | netfilter: nft_exthdr: fix register tracking for F_PRESENT flag | 25.06.2026 | |
| CVE-2026-53219 | netfilter: x_tables: avoid leaking percpu counter pointers | 25.06.2026 | |
| CVE-2026-53220 | netfilter: revalidate bridge ports | 25.06.2026 | |
| CVE-2026-53221 | ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() | 25.06.2026 | |
| CVE-2026-53222 | ptp: ocp: fix resource freeing order | 25.06.2026 | |
| CVE-2026-53223 | net: guard timestamp cmsgs to real error queue skbs | 25.06.2026 | |
| CVE-2026-53224 | sctp: validate embedded INIT chunk and address list lengths in cookie | 25.06.2026 | |
| CVE-2026-53225 | sctp: fix uninit-value in __sctp_rcv_asconf_lookup() | 25.06.2026 | |
| CVE-2026-53226 | gpio: rockchip: fix generic IRQ chip leak on remove | 25.06.2026 | |
| CVE-2026-53227 | net: openvswitch: fix possible kfree_skb of ERR_PTR | 25.06.2026 | |
| CVE-2026-53228 | ipv6: sit: reload inner IPv6 header after GSO offloads | 25.06.2026 | |
| CVE-2026-53229 | net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure | 25.06.2026 | |
| CVE-2026-53230 | net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list | 25.06.2026 | |
| CVE-2026-53231 | net: phy: don't try to setup PHY-driven SFP cages when using genphy | 25.06.2026 | |
| CVE-2026-53232 | net: phy: clean the sfp upstream if phy probing fails | 25.06.2026 | |
| CVE-2026-53233 | netdev: fix double-free in netdev_nl_bind_rx_doit() | 25.06.2026 | |
| CVE-2026-53234 | net: ibm: emac: Fix use-after-free during device removal | 25.06.2026 | |
| CVE-2026-53235 | net: add pskb_may_pull() to skb_gro_receive_list() | 25.06.2026 | |
| CVE-2026-53236 | tcp: restrict SO_ATTACH_FILTER to priv users | 25.06.2026 | |
| CVE-2026-53237 | gpio: mvebu: fix NULL pointer dereference in suspend/resume | 25.06.2026 | |
| CVE-2026-53238 | netlabel: validate unlabeled address and mask attribute lengths | 25.06.2026 | |
| CVE-2026-53239 | xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() | 25.06.2026 | |
| CVE-2026-53240 | xfrm: iptfs: fix use-after-free on first_skb in __input_process_payload | 25.06.2026 | |
| CVE-2026-53241 | ALSA: seq: dummy: fix UMP event stack overread | 25.06.2026 | |
| CVE-2026-53242 | ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams | 25.06.2026 | |
| CVE-2026-53243 | rseq: Fix using an uninitialized stack variable in rseq_exit_user_update() | 25.06.2026 | |
| CVE-2026-53244 | VFS: fix possible failure to unlock in nfsd4_create_file() | 25.06.2026 | |
| CVE-2026-53245 | net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr | 25.06.2026 | |
| CVE-2026-53246 | sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing | 25.06.2026 | |
| CVE-2026-53247 | net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown | 25.06.2026 | |
| CVE-2026-53248 | net: airoha: Fix use-after-free in metadata dst teardown | 25.06.2026 | |
| CVE-2026-53249 | ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options | 25.06.2026 | |
| CVE-2026-53250 | xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata() | 25.06.2026 | |
| CVE-2026-53251 | Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync | 25.06.2026 | |
| CVE-2026-53252 | Bluetooth: fix memory leak in error path of hci_alloc_dev() | 25.06.2026 | |
| CVE-2026-53253 | Bluetooth: bnep: reject short frames before parsing | 25.06.2026 | |
| CVE-2026-53254 | Bluetooth: RFCOMM: validate skb length in MCC handlers | 25.06.2026 | |
| CVE-2026-53255 | Bluetooth: MGMT: validate advertising TLV before type checks | 25.06.2026 | |
| CVE-2026-53256 | Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() | 25.06.2026 | |
| CVE-2026-53257 | wifi: cfg80211: enforce HE/EHT cap/oper consistency | 25.06.2026 | |
| CVE-2026-53258 | wifi: fix leak if split 6 GHz scanning fails | 25.06.2026 | |
| CVE-2026-53259 | ipv6: anycast: insert aca into global hash under idev->lock | 25.06.2026 | |
| CVE-2026-53260 | tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req(). | 25.06.2026 | |
| CVE-2026-53261 | devlink: Release nested relation on devlink free | 25.06.2026 | |
| CVE-2026-53262 | l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() | 25.06.2026 | |
| CVE-2026-53263 | 6lowpan: fix off-by-one in multicast context address compression | 25.06.2026 | |
| CVE-2026-53264 | net/sched: act_api: use RCU with deferred freeing for action lifecycle | 25.06.2026 | |
| CVE-2026-53265 | dm cache policy smq: check allocation under invalidate lock | 25.06.2026 | |
| CVE-2026-53266 | netfilter: bridge: make ebt_snat ARP rewrite writable | 25.06.2026 | |
| CVE-2026-53267 | netfilter: nft_ct: bail out on template ct in get eval | 25.06.2026 | |
| CVE-2026-53268 | netfilter: conntrack_irc: fix possible out-of-bounds read | 25.06.2026 | |
| CVE-2026-53269 | netfilter: synproxy: add mutex to guard hook reference counting | 25.06.2026 | |
| CVE-2026-53270 | ipvs: clear the svc scheduler ptr early on edit | 25.06.2026 | |
| CVE-2026-53271 | ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers | 25.06.2026 | |
| CVE-2026-53272 | erofs: fix use-after-free on sbi->sync_decompress | 25.06.2026 | |
| CVE-2026-53273 | tee: optee: prevent use-after-free when the client exits before the supplicant | 25.06.2026 | |
| CVE-2026-53274 | net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS | 25.06.2026 | |
| CVE-2026-53275 | ipv6: mcast: Fix use-after-free when processing MLD queries | 25.06.2026 | |
| CVE-2026-53276 | Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer | 25.06.2026 | |
| CVE-2026-53277 | KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation | 25.06.2026 | |
| CVE-2026-54226 | Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS | 25.06.2026 | |
| CVE-2026-56091 | Apache Shiro: Authentication bypass in Guice-Web integration | 25.06.2026 | |
| CVE-2026-56130 | Apache Shiro: Remember-me cookie isn't checked for expiry on the server | 25.06.2026 | |
| CVE-2026-12937 | Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter | 25.06.2026 | 7.5 |
| CVE-2026-56129 | | 25.06.2026 | 5.5 |
| CVE-2026-10824 | Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion | 25.06.2026 | |
| CVE-2026-12244 | Heap overflow and crash with crafted SVCB RR | 25.06.2026 | |
| CVE-2026-12245 | Denial of DNS over TLS service by any DoT client | 25.06.2026 | |
| CVE-2026-12246 | Out of bounds stack write with crafted APL RR | 25.06.2026 | |
| CVE-2026-12490 | Bypass of client certificate verification with transfer over TLS | 25.06.2026 | |
| CVE-2026-5305 | Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS | 25.06.2026 | |
| CVE-2026-9702 | InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking | 25.06.2026 | |
| CVE-2026-0934 | Incorrect Authorization in GitLab | 25.06.2026 | 3.8 |
| CVE-2026-10086 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 25.06.2026 | 8.7 |
| CVE-2026-10712 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 25.06.2026 | 8 |
| CVE-2026-11379 | Incorrect Authorization in GitLab | 25.06.2026 | 5.3 |
| CVE-2026-12053 | Insertion of Sensitive Information into Log File in GitLab | 25.06.2026 | 8.6 |
| CVE-2026-12635 | Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab | 25.06.2026 | 0 |
| CVE-2026-13311 | shell-quote parse() is quadratic in token count, enabling denial of service | 25.06.2026 | |
| CVE-2026-1606 | Improper Control of Generation of Code ('Code Injection') in GitLab | 25.06.2026 | 4.3 |
| CVE-2026-2238 | Missing Authorization in GitLab | 25.06.2026 | 5.3 |
| CVE-2026-3176 | Missing Authorization in GitLab | 25.06.2026 | 3.1 |
| CVE-2026-5309 | Authorization Bypass Through User-Controlled Key in GitLab | 25.06.2026 | 5.4 |
| CVE-2026-5796 | Incorrect Authorization in GitLab | 25.06.2026 | 4.3 |
| CVE-2026-5952 | Incorrect Authorization in GitLab | 25.06.2026 | 4.3 |
| CVE-2026-8330 | Insertion of Sensitive Information into Log File in GitLab | 25.06.2026 | 4.4 |
| CVE-2026-10833 | Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute | 25.06.2026 | 6.4 |
| CVE-2026-12077 | Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters | 25.06.2026 | 7.5 |
| CVE-2026-12079 | Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter | 25.06.2026 | 6.5 |
| CVE-2026-2508 | Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id' | 25.06.2026 | 6.5 |
| CVE-2026-8658 | OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin | 25.06.2026 | 6 |
| CVE-2026-8662 | Path Traversal in Rapid7 InsightConnect Compression Plugin | 25.06.2026 | 3.3 |
| CVE-2026-8592 | OS Command Injection in Rapid7 InsightConnect AWK Plugin | 25.06.2026 | 7.7 |
| CVE-2026-8660 | OS Command Injection in Rapid7 InsightConnect Ping Plugin | 25.06.2026 | 7.7 |
| CVE-2026-8664 | OS Command Injection in Rapid7 InsightConnect Finger Plugin | 25.06.2026 | 6 |
| CVE-2026-8665 | OS Command Injection in Rapid7 InsightConnect Translate Plugin | 25.06.2026 | 7.7 |
| CVE-2026-8666 | OS Command Injection in Rapid7 InsightConnect Traceroute Plugin | 25.06.2026 | 7.7 |
| CVE-2026-57589 | | 25.06.2026 | 7.4 |
| CVE-2026-9153 | Arbitrary File Read in Rapid7 InsightConnect Sed Plugin | 25.06.2026 | 6.5 |
| CVE-2026-9154 | Arbitrary File Write in Rapid7 InsightConnect Sed Plugin | 25.06.2026 | 7.1 |
| CVE-2026-9155 | OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter | 25.06.2026 | 8.8 |
| CVE-2026-8659 | OS Command Injection in Rapid7 InsightConnect SQLmap Plugin | 25.06.2026 | 6 |
| CVE-2026-8663 | OS Command Injection in Rapid7 InsightConnect RPM Plugin | 25.06.2026 | 6 |
| CVE-2025-60466 | | 25.06.2026 | |
| CVE-2025-60473 | | 25.06.2026 | |
| CVE-2026-39951 | Cacti: Stored SQL Injection via graph_name_regexp in Reports feature | 24.06.2026 | 7.6 |
| CVE-2026-40079 | Cacti: Command Injection via escape_command() no-op in RRDtool execution | 24.06.2026 | |
| CVE-2026-7569 | Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability | 25.06.2026 | |
| CVE-2026-7570 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9780 | Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability | 25.06.2026 | |
| CVE-2026-9781 | Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9782 | Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9783 | Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9784 | Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9785 | Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9786 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-9787 | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2025-60467 | | 25.06.2026 | |
| CVE-2025-60474 | | 25.06.2026 | |
| CVE-2026-39948 | Cacti has SQL Injection via rfilter parameter in RLIKE clauses | 25.06.2026 | |
| CVE-2026-39955 | Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php | 25.06.2026 | 9.8 |
| CVE-2025-8106 | | 24.06.2026 | |
| CVE-2026-39899 | Cacti: Path Traversal via filename parameter in package_import.php | 24.06.2026 | |
| CVE-2026-39900 | Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context | 25.06.2026 | |
| CVE-2026-39938 | Cacti: Unauthenticated RCE on Graph Image | 25.06.2026 | 9.8 |
| CVE-2025-60468 | | 25.06.2026 | |
| CVE-2026-2050 | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-39893 | Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php | 25.06.2026 | 9.8 |
| CVE-2026-39894 | Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting | 25.06.2026 | 2.9 |
| CVE-2026-39897 | Cacti has a Reflected XSS Vulnerability via html_auth_footer | 25.06.2026 | |
| CVE-2026-49979 | Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter | 24.06.2026 | |
| CVE-2026-10043 | MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability | 25.06.2026 | |
| CVE-2026-10642 | Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control | 25.06.2026 | 6.5 |
| CVE-2026-47093 | | 24.06.2026 | |
| CVE-2026-47110 | Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute | 24.06.2026 | |
| CVE-2026-50189 | Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route | 25.06.2026 | |
| CVE-2026-50551 | SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content | 25.06.2026 | 9.9 |
| CVE-2026-52794 | Sentry: Inefficient Regular Expression Complexity in sentry | 25.06.2026 | 7.5 |
| CVE-2026-53765 | chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory | 24.06.2026 | 6.1 |
| CVE-2026-53766 | chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots | 24.06.2026 | 6.1 |
| CVE-2026-54066 | SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file-read) | | |
25.06.2026 |
7.5 |
| CVE-2026-54067 |
SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet() |
25.06.2026 |
9.9 |
| CVE-2026-54068 |
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon |
25.06.2026 |
5.9 |
| CVE-2026-54069 |
SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist |
25.06.2026 |
|
| CVE-2026-54070 |
SiYuan: Stored XSS in Bazaar marketplace via package README event handlers |
24.06.2026 |
7.1 |
| CVE-2026-54158 |
SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML() |
24.06.2026 |
9.9 |
| CVE-2026-54759 |
SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client |
25.06.2026 |
|
| CVE-2026-55454 |
Appsmith: Caddy admin API exposed without authentication |
25.06.2026 |
9.9 |
| CVE-2026-55455 |
Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist |
25.06.2026 |
|
| CVE-2026-55570 |
SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch) |
25.06.2026 |
9 |
| CVE-2026-55666 |
Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth |
24.06.2026 |
|
| CVE-2026-55759 |
Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay |
24.06.2026 |
7.4 |
| CVE-2026-55762 |
Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint |
25.06.2026 |
8.1 |
| CVE-2026-9772 |
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability |
25.06.2026 |
|
| CVE-2026-9773 |
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability |
25.06.2026 |
|
| CVE-2026-9774 |
ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability |
25.06.2026 |
|
| CVE-2026-9775 |
ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability |
25.06.2026 |
|
| CVE-2026-9776 |
ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability |
25.06.2026 |
|
| CVE-2026-9777 |
ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability |
25.06.2026 |
|
| CVE-2026-9778 |
ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability |
25.06.2026 |
|
| CVE-2026-9779 |
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
25.06.2026 |
|
| CVE-2026-11998 |
AngularJS XSS via SCE resource URL sanitization bypass |
25.06.2026 |
7.6 |
| CVE-2026-13201 |
Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification |
24.06.2026 |
|
| CVE-2026-13208 |
Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body |
25.06.2026 |
|
| CVE-2026-31978 |
motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint |
24.06.2026 |
6.5 |
| CVE-2026-32315 |
motionEye: World-Readable Configuration File Exposes Admin Password Hash |
25.06.2026 |
5.5 |
| CVE-2026-33235 |
AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features |
24.06.2026 |
7.7 |
| CVE-2026-33543 |
FOSSBilling: Authentication bypass allows unauthenticated administrator creation |
25.06.2026 |
|
| CVE-2026-45677 |
Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS |
25.06.2026 |
|
| CVE-2026-45687 |
Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage |
24.06.2026 |
8.5 |
| CVE-2026-45688 |
Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack |
24.06.2026 |
9.1 |
| CVE-2026-45689 |
Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO |
25.06.2026 |
9.1 |
| CVE-2026-45757 |
Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens |
25.06.2026 |
|
| CVE-2026-46423 |
Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty |
25.06.2026 |
|
| CVE-2026-47733 |
Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images |
25.06.2026 |
4.4 |
| CVE-2026-49277 |
Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation |
24.06.2026 |
|
| CVE-2026-49278 |
Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation |
24.06.2026 |
6.7 |
| CVE-2026-52797 |
Gogs: Overwriting critical files results in a denial of service |
25.06.2026 |
8.5 |
| CVE-2026-52808 |
Gogs: Write-level collaborators can mutate admin-only repository settings via API |
25.06.2026 |
7.1 |
| CVE-2026-52809 |
Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES |
25.06.2026 |
6.8 |
| CVE-2026-52810 |
Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion |
25.06.2026 |
|
| CVE-2026-52811 |
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym |
24.06.2026 |
|
| CVE-2026-52812 |
Gogs: LFS dedupe path leaks private repo content across tenants |
24.06.2026 |
|
| CVE-2026-52813 |
Gogs: Path Traversal in organization name results in RCE through Git hooks |
25.06.2026 |
10 |
| CVE-2025-64719 |
Gogs: Denial of Service in repository/wiki file listing web pages |
24.06.2026 |
4.9 |
| CVE-2026-1840 |
Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface |
25.06.2026 |
|
| CVE-2026-25119 |
Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers |
24.06.2026 |
|
| CVE-2026-47267 |
Gogs: SSRF in webhook deliveries |
25.06.2026 |
8.3 |
| CVE-2026-50128 |
Mastodon: Spoofing of attribution domains |
25.06.2026 |
5.3 |
| CVE-2026-50129 |
Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER |
25.06.2026 |
7.5 |
| CVE-2026-52795 |
Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity |
25.06.2026 |
4.3 |
| CVE-2026-52796 |
Gogs: DoS in rendering issue index pattern |
24.06.2026 |
3.5 |
| CVE-2026-52798 |
Gogs: Stored XSS in `.ipynb` Preview |
24.06.2026 |
8.9 |
| CVE-2026-52799 |
Gogs: Missing Authorization in Attachment Download |
25.06.2026 |
7.5 |
| CVE-2026-52800 |
Gogs: CSRF Leading to Organization Owner Takeover |
25.06.2026 |
8.8 |
| CVE-2026-52801 |
Gogs: Ability to import local repositories via Mirror Settings |
25.06.2026 |
8.1 |
| CVE-2026-52802 |
Gogs: Open Redirect via redirect_to in Gogs |
24.06.2026 |
5.4 |
| CVE-2026-52804 |
Gogs: Privilege Escalation via Collaboration Access Mode Validation |
24.06.2026 |
|
| CVE-2026-52805 |
Gogs: Migration Redirect Bypass Leads to Internal Repository Theft |
24.06.2026 |
8.7 |
| CVE-2026-52806 |
Gogs: RCE via git rebase --exec argument injection in pull request merge |
25.06.2026 |
9.9 |
| CVE-2026-52807 |
Gogs: DOM-based XSS via Milestone Name on New Issue Page |
25.06.2026 |
|
| CVE-2026-52814 |
Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion) |
25.06.2026 |
|
| CVE-2026-52815 |
Gogs: Unauthenticated Organization Teams Information Disclosure via API |
25.06.2026 |
|
| CVE-2026-52816 |
Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS |
24.06.2026 |
|
| CVE-2026-7539 |
HP Dock Accessory WMI Provider Installer Security Update |
25.06.2026 |
|
| CVE-2026-23879 |
py7zr: Arbitrary File Write Vulnerability |
24.06.2026 |
8 |
| CVE-2026-27708 |
FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access |
24.06.2026 |
|
| CVE-2026-46348 |
Mastodon: SSRF Bypass via IPv6 Unspecified Address (::) |
24.06.2026 |
|
| CVE-2026-46349 |
Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring |
25.06.2026 |
5.3 |
| CVE-2026-47389 |
Mastodon: SSRF protection bypass on older Ruby versions |
24.06.2026 |
8.6 |
| CVE-2026-48028 |
Mastodon: Removal of integrity-protected JSON entries from signed activities |
25.06.2026 |
6.5 |
| CVE-2026-55583 |
Twenty: Cross-workspace IDOR in AgentTurnResolver |
24.06.2026 |
7.6 |
| CVE-2025-60471 |
|
24.06.2026 |
|
| CVE-2026-13021 |
|
24.06.2026 |
|
| CVE-2026-13022 |
|
24.06.2026 |
|
| CVE-2026-13023 |
|
24.06.2026 |
|
| CVE-2026-13024 |
|
24.06.2026 |
|
| CVE-2026-13025 |
|
25.06.2026 |
|
| CVE-2026-13026 |
|
25.06.2026 |
|
| CVE-2026-13027 |
|
25.06.2026 |
|
| CVE-2026-13028 |
|
25.06.2026 |
|
| CVE-2026-13029 |
|
25.06.2026 |
|
| CVE-2026-13030 |
|
24.06.2026 |
|
| CVE-2026-13031 |
|
25.06.2026 |
|
| CVE-2026-13032 |
|
25.06.2026 |
|
| CVE-2026-13033 |
|
25.06.2026 |
|
| CVE-2026-13034 |
|
24.06.2026 |
|
| CVE-2026-13035 |
|
24.06.2026 |
|
| CVE-2026-13036 |
|
25.06.2026 |
|
| CVE-2026-13037 |
|
25.06.2026 |
|
| CVE-2026-13038 |
|
25.06.2026 |
|
| CVE-2026-12760 |
Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200 |
24.06.2026 |
|
| CVE-2026-48793 |
Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path |
24.06.2026 |
8.8 |
| CVE-2026-49220 |
Jellyfin: Potential XSS in user management |
24.06.2026 |
5.7 |
| CVE-2026-49246 |
Jellyfin: Potential MKV attachment filename path traversal to RCE |
24.06.2026 |
|
| CVE-2026-49247 |
Jellyfin: Potential Authenticated path traversal in /ClientLog/Document |
24.06.2026 |
8.8 |
| CVE-2026-49980 |
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix |
25.06.2026 |
9.8 |
| CVE-2026-53943 |
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header |
24.06.2026 |
9.6 |
| CVE-2026-53944 |
Ghost: Private IP filtering bypass to make server-side requests to internal services |
24.06.2026 |
5.8 |
| CVE-2026-53945 |
Ghost: Server-side request forgery via DNS rebinding in external request handling |
25.06.2026 |
4 |
| CVE-2026-53946 |
Ghost: Mobiledoc image-size fetch SSRF |
24.06.2026 |
5.4 |
| CVE-2026-53947 |
Ghost: Member existence leak via magic link sign-in response |
24.06.2026 |
5.3 |
| CVE-2026-53948 |
Ghost: File Upload Content-Type Spoofing |
25.06.2026 |
5.4 |
| CVE-2026-53949 |
Ghost Content API filter bypass reveals private fields |
24.06.2026 |
5.3 |
| CVE-2026-53950 |
@tryghost/activitypub: XSS in Ghost's ActivityPub client |
24.06.2026 |
7.5 |
| CVE-2026-44016 |
Docling: Unsafe Playwright-based HTML Rendering |
24.06.2026 |
8.2 |
| CVE-2026-44017 |
Docling: Unsafe Zip Extraction in EasyOCR Model Download |
24.06.2026 |
7.5 |
| CVE-2026-44020 |
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend |
24.06.2026 |
7.5 |
| CVE-2026-44022 |
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands |
25.06.2026 |
5.5 |
| CVE-2026-48703 |
Warp: Command Injection via Warp code search tool arguments |
24.06.2026 |
7.8 |
| CVE-2026-48704 |
Warp Markdown notebook links may open executable local files |
24.06.2026 |
8.8 |
| CVE-2026-48719 |
Warp branch selector command injection via Git branch names |
24.06.2026 |
8 |
| CVE-2026-48720 |
Warp: SSH remote output can lead to local file overwrite and persistence |
24.06.2026 |
8.8 |
| CVE-2026-48721 |
Warp: Env-var prefixes can lead to denylisted command autoexecution |
24.06.2026 |
8.6 |
| CVE-2026-48731 |
Warp: Linux external editor command injection |
24.06.2026 |
7.8 |
| CVE-2026-48732 |
Warp: Remote SSH cwd can lead to unauthorized remote command execution |
24.06.2026 |
8.8 |
| CVE-2026-54686 |
Warp: DCS lifecycle hook spoofing can alter terminal session metadata |
24.06.2026 |
4.3 |
| CVE-2026-54699 |
Warp: OS command injection when opening terminal links from WSL |
25.06.2026 |
7.7 |