CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key 09.06.2026 9.8
CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 9.8
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) 09.06.2026 9
CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform 09.06.2026 9.9
CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS) 08.06.2026 9.8
CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header 08.06.2026 9.3
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment 08.06.2026 9.3
CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie 08.06.2026 9.2
CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape 08.06.2026 9.4
CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews 08.06.2026 9.5
CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow 08.06.2026 9.3
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated 08.06.2026 9.3
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution 08.06.2026 9.3
CVE-2024-58349 WordPress Theme Travelscape 1.0.3 Arbitrary File Upload 08.06.2026 9.3
CVE-2026-11429 Path Traversal in Altium Git Service Allows Remote Code Execution 08.06.2026 9.4
CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation 08.06.2026 9.4
CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write 05.06.2026 9.4
CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read 05.06.2026 10
CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise) 08.06.2026 9.6
CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection 05.06.2026 9.3
CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise 08.06.2026 9.3
CVE-2026-11414 Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal 05.06.2026 10
CVE-2026-10580 Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API 06.06.2026 9.8
CVE-2026-46389 UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator` 05.06.2026 10
CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation 05.06.2026 9.3
CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover 05.06.2026 9.3
CVE-2026-46399 Authenticated Remote Code Execution via File Overwrite 08.06.2026 9.4
CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft 05.06.2026 9.3
CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials 05.06.2026 9.3
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions 08.06.2026 9.3
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint 08.06.2026 9.9
CVE-2026-45746 Termix Vulnerable to Arbitrary Command Execution via Session Hijacking 05.06.2026 9
CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection 08.06.2026 9.8
CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager 08.06.2026 9
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability 08.06.2026 10
CVE-2026-6274 Authentication Bypass in DTS Electronics' Redline WR3200 08.06.2026 9.8
CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 05.06.2026 10
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability 06.06.2026 10
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability 05.06.2026 9.1
CVE-2025-71316 SQLite sqldiff remote code execution via argument injection 05.06.2026 9.2
CVE-2025-67447 04.06.2026 9.8
CVE-2026-10880 Unauthenticated SQL Injection in Osnexus Quantastor 04.06.2026 9.8
CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service 04.06.2026 9.3
CVE-2025-67446 04.06.2026 9.8
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification 04.06.2026 9
CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay 04.06.2026 9.9
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download 04.06.2026 9.3
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie 04.06.2026 9.3
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change 04.06.2026 9.3
CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File 04.06.2026 9.3
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF 05.06.2026 9.6
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources 04.06.2026 9.6
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass 04.06.2026 9.8
CVE-2026-50214 Shared Secret Quota Inflation 04.06.2026 9.3
CVE-2026-50208 Permissive TrustAllCerts TLS Verification 04.06.2026 9.2
CVE-2026-50209 MDM Server Registration Overriding 04.06.2026 9.3
CVE-2026-49190 Missing Per-Instruction Authorization Checks 04.06.2026 9.4
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key 04.06.2026 9.3
CVE-2026-49194 SCREEN_CLICK Authentication Bypass 04.06.2026 9.4
CVE-2026-41283 04.06.2026 9.9
CVE-2026-49185 Instruction Injection via FieldX MDM 04.06.2026 10
CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync 05.06.2026 9.1
CVE-2026-46266 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP 05.06.2026 9.1
CVE-2026-35075 Hardcoded default Password for Service Account 03.06.2026 9.3
CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 04.06.2026 9.8
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow 03.06.2026 9.1
CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection 03.06.2026 9.6
CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover 03.06.2026 9.3
CVE-2026-49448 authentik: SourceStage bypass via empty POST 03.06.2026 9.8
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation 02.06.2026 9.8
CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting 02.06.2026 9.2
CVE-2026-42074 OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input 02.06.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2025-62858 QTS, QuTS hero 09.06.2026
CVE-2026-41972 09.06.2026 5.4
CVE-2026-41973 09.06.2026 5.9
CVE-2026-41974 09.06.2026 3.6
CVE-2026-41976 09.06.2026 6.6
CVE-2026-41977 09.06.2026 5
CVE-2026-41981 09.06.2026 5.3
CVE-2026-41982 09.06.2026 6.4
CVE-2026-41983 09.06.2026 4.3
CVE-2026-41984 09.06.2026 5.2
CVE-2026-41985 09.06.2026 5.1
CVE-2026-41986 09.06.2026 2.4
CVE-2026-44083 QuMagie 09.06.2026
CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data 09.06.2026 7.6
CVE-2026-9698 DBI versions before 1.648 for Perl saved errors in a limited-sized buffer 09.06.2026
CVE-2026-11572 09.06.2026 8.8
CVE-2026-41539 QTS, QuTS hero 09.06.2026
CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery 09.06.2026
CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key 09.06.2026 9.8
CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML 09.06.2026
CVE-2026-10024 TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute 09.06.2026 6.4
CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update 09.06.2026 4.3
CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) 09.06.2026 6.4
CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter 09.06.2026 6.1
CVE-2026-11623 tmux image.c image_free use after free 09.06.2026
CVE-2026-26236 QuMagie 09.06.2026
CVE-2026-40983 Micrometer gRPC server instrumentation DoS vulnerability 09.06.2026 7.5
CVE-2026-40984 Micrometer HTTP server instrumentations DoS vulnerability 09.06.2026 7.5
CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration 09.06.2026 7.5
CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching 09.06.2026 7.5
CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service 09.06.2026 5.9
CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect 09.06.2026 6.1
CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP 09.06.2026 7.4
CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module 09.06.2026 4.8
CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux 09.06.2026 4.2
CVE-2026-41840 Spring Framework Denial of Service via Multipart Requests in WebFlux 09.06.2026 5.9
CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux 09.06.2026 5.9
CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux 09.06.2026 7.5
CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux 09.06.2026 5.9
CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux 09.06.2026 4.2
CVE-2026-41845 Spring Framework Cross-site Scripting via JavaScriptUtils 09.06.2026 7.1
CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags 09.06.2026 5.9
CVE-2026-41847 Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL 09.06.2026 4.8
CVE-2026-41848 Spring Framework Denial of Service via AntPathMatcher 09.06.2026 3.7
CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions 09.06.2026 7.5
CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions 09.06.2026 7.5
CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL 09.06.2026 5.3
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions 09.06.2026 3.7
CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux 09.06.2026 5.3
CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder 09.06.2026 4.2
CVE-2026-41855 Spring Framework Unsafe Deserialization via Jackson JMS Converters 09.06.2026 8.1
CVE-2026-41975 09.06.2026 6.3
CVE-2026-41978 09.06.2026 4.4
CVE-2026-41979 09.06.2026 5.5
CVE-2026-41980 09.06.2026 5.5
CVE-2026-7662 ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute 09.06.2026 6.4
CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Incorrect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update 09.06.2026 5.3
CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update 09.06.2026 4.3
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save 09.06.2026 4.3
CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter 09.06.2026 6.1
CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action 09.06.2026 4.3
CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter 09.06.2026 6.1
CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update 09.06.2026 4.3
CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action 09.06.2026 6.4
CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter 09.06.2026 7.5
CVE-2026-9662 Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter 09.06.2026 8.1
CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication 09.06.2026
CVE-2026-11619 Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization 09.06.2026
CVE-2026-11620 TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation 09.06.2026
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload 09.06.2026
CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter 09.06.2026 6.4
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text 09.06.2026 7.2
CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field 09.06.2026 6.4
CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad) 09.06.2026 4.2
CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 9.8
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) 09.06.2026 9
CVE-2026-44743 Security Misconfiguration vulnerability in SAP Business Objects 09.06.2026 3.7
CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA 09.06.2026 6.5
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet) 09.06.2026 6.1
CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform 09.06.2026 9.9
CVE-2026-44750 Missing Authorization check in SAP MDG (Review Match Groups Application) 09.06.2026 4.3
CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 7.1
CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs 09.06.2026 6.6
CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform 09.06.2026 4.3
CVE-2026-44757 Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager 09.06.2026 4.7
CVE-2026-8795 09.06.2026 7.8
CVE-2026-11628 09.06.2026
CVE-2026-11629 08.06.2026
CVE-2026-11630 08.06.2026
CVE-2026-11631 08.06.2026
CVE-2026-11632 09.06.2026
CVE-2026-11633 09.06.2026
CVE-2026-11634 09.06.2026
CVE-2026-11635 09.06.2026
CVE-2026-11636 08.06.2026
CVE-2026-11637 09.06.2026
CVE-2026-11638 09.06.2026
CVE-2026-11639 09.06.2026
CVE-2026-11640 08.06.2026
CVE-2026-11641 09.06.2026
CVE-2026-11642 09.06.2026
CVE-2026-11643 09.06.2026
CVE-2026-11644 09.06.2026
CVE-2026-11645 09.06.2026
CVE-2026-11646 09.06.2026
CVE-2026-11647 09.06.2026
CVE-2026-11648 08.06.2026
CVE-2026-11649 09.06.2026
CVE-2026-11650 09.06.2026
CVE-2026-11651 09.06.2026
CVE-2026-11652 09.06.2026
CVE-2026-11653 08.06.2026
CVE-2026-11654 08.06.2026
CVE-2026-11655 08.06.2026
CVE-2026-11656 09.06.2026
CVE-2026-11657 09.06.2026
CVE-2026-11658 08.06.2026
CVE-2026-11659 08.06.2026
CVE-2026-11660 08.06.2026
CVE-2026-11661 08.06.2026
CVE-2026-11662 09.06.2026
CVE-2026-11663 09.06.2026
CVE-2026-11664 08.06.2026
CVE-2026-11665 09.06.2026
CVE-2026-11666 08.06.2026
CVE-2026-11667 08.06.2026
CVE-2026-11668 09.06.2026
CVE-2026-11669 09.06.2026
CVE-2026-11670 09.06.2026
CVE-2026-11671 09.06.2026
CVE-2026-11672 08.06.2026
CVE-2026-11673 09.06.2026
CVE-2026-11674 09.06.2026
CVE-2026-11675 09.06.2026
CVE-2026-11676 08.06.2026
CVE-2026-11677 08.06.2026
CVE-2026-11678 09.06.2026
CVE-2026-11679 09.06.2026
CVE-2026-11680 09.06.2026
CVE-2026-11681 08.06.2026
CVE-2026-11682 08.06.2026
CVE-2026-11683 09.06.2026
CVE-2026-11684 09.06.2026
CVE-2026-11685 09.06.2026
CVE-2026-11686 09.06.2026
CVE-2026-11687 09.06.2026
CVE-2026-11688 09.06.2026
CVE-2026-11689 08.06.2026
CVE-2026-11690 09.06.2026
CVE-2026-11691 09.06.2026
CVE-2026-11692 09.06.2026
CVE-2026-11693 08.06.2026
CVE-2026-11694 09.06.2026
CVE-2026-11695 09.06.2026
CVE-2026-11696 09.06.2026
CVE-2026-11697 08.06.2026
CVE-2026-11698 09.06.2026
CVE-2026-11699 09.06.2026
CVE-2026-11700 09.06.2026
CVE-2026-11701 08.06.2026
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow 08.06.2026
CVE-2026-11585 CodeAstro Student Attendance Management System createClassArms.php sql injection 08.06.2026
CVE-2026-40215 08.06.2026
CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override 08.06.2026
CVE-2026-11582 CodeAstro Student Attendance Management System index.php sql injection 08.06.2026
CVE-2026-11583 CodeAstro Student Attendance Management System createClass.php sql injection 08.06.2026
CVE-2026-11584 CodeAstro Student Attendance Management System createClass.php edit sql injection 08.06.2026
CVE-2026-35058 08.06.2026
CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins() 08.06.2026
CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user 08.06.2026 8.1
CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting 08.06.2026
CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting 08.06.2026
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint 08.06.2026
CVE-2026-10544 08.06.2026
CVE-2026-10786 08.06.2026
CVE-2026-10787 08.06.2026
CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import 08.06.2026 9
CVE-2026-11557 Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow 08.06.2026
CVE-2026-11558 CodeAstro Payroll System home_salary.php sql injection 08.06.2026
CVE-2026-11559 CodeAstro Payroll System view_account.php sql injection 08.06.2026
CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing 08.06.2026
CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions 08.06.2026
CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS) 08.06.2026 9.8
CVE-2026-11552 SourceCodester Online Examination & Learning Management System import_users.php hard-coded password 08.06.2026
CVE-2026-11553 Tenda HG7HG9/HG10 formPPPEdit stack-based overflow 08.06.2026
CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation 08.06.2026
CVE-2026-11555 D-Link DGS-1100-08PD Web boa.conf least privilege violation 08.06.2026
CVE-2026-11556 Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection 08.06.2026
CVE-2026-8913 Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration 09.06.2026
CVE-2026-11530 imvks786 student_management_system Login index.ph sql injection 08.06.2026
CVE-2026-11531 imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection 08.06.2026
CVE-2026-11532 imvks786 student_management_system Student Record add.php access control 08.06.2026
CVE-2026-11533 imvks786 student_management_system Student Deletion Endpoint see.php improper authorization 08.06.2026
CVE-2026-11534 imvks786 student_management_system add.php cross site scripting 08.06.2026
CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions 08.06.2026
CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header 08.06.2026
CVE-2026-25559 OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint 08.06.2026
CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload 08.06.2026
CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface 08.06.2026
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source 08.06.2026
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment 08.06.2026
CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie 08.06.2026
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 09.06.2026
CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode 08.06.2026 5.5
CVE-2026-46276 drm/amdgpu: fix zero-size GDS range init on RDNA4 08.06.2026
CVE-2026-46277 mm/zone_device: do not touch device folio after calling ->folio_free() 08.06.2026
CVE-2026-46278 drm/imagination: Fix segfault when updating ftrace mask 08.06.2026
CVE-2026-46279 mm/alloc_tag: clear codetag for pages allocated before page_ext initialization 08.06.2026
CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free 08.06.2026
CVE-2026-46281 vmalloc: fix buffer overflow in vrealloc_node_align() 08.06.2026
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str 08.06.2026
CVE-2026-46283 tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() 08.06.2026
CVE-2026-46284 mm/hugetlb: fix early boot crash on parameters without '=' separator 08.06.2026
CVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release() 08.06.2026
CVE-2026-46286 leds: qcom-lpg: Check for array overflow when selecting the high resolution 08.06.2026
CVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove module 08.06.2026
CVE-2026-46288 of: unittest: fix use-after-free in of_unittest_changeset() 08.06.2026
CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg 08.06.2026
CVE-2026-46290 x86/efi: Fix graceful fault handling after FPU softirq changes 08.06.2026
CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key 08.06.2026
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd 08.06.2026
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration 08.06.2026
CVE-2026-46294 dm: fix a buffer overflow in ioctl processing 08.06.2026
CVE-2026-46295 KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty 08.06.2026
CVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbind 08.06.2026
CVE-2026-46297 net: libwx: use request_irq for VF misc interrupt 08.06.2026
CVE-2026-46298 pseries/papr-hvpipe: Fix race with interrupt handler 08.06.2026
CVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super() 08.06.2026
CVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbind 08.06.2026
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy 08.06.2026
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size 08.06.2026
CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free 08.06.2026
CVE-2026-46305 staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc 08.06.2026
CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames 08.06.2026
CVE-2026-46307 wifi: ath5k: do not access array OOB 08.06.2026
CVE-2026-46308 pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() 08.06.2026
CVE-2026-46309 drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise 08.06.2026
CVE-2026-46310 media: renesas: vsp1: Fix NULL pointer deref on module unload 08.06.2026
CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping 08.06.2026
CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap 08.06.2026
CVE-2026-46313 media: intel/ipu6: fix error pointer dereference 08.06.2026
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop 08.06.2026
CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users 08.06.2026 8.3
CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users 08.06.2026 7.1
CVE-2026-11529 designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection 08.06.2026
CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-42862 Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment 08.06.2026
CVE-2026-46440 Flowise: Basic Auth Credentials Exposed via API 08.06.2026
CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment 08.06.2026
CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape 08.06.2026
CVE-2026-46443 Flowise: Credential Data Leak 08.06.2026
CVE-2026-46444 Flowise: Vector Store No Permission Checks 08.06.2026
CVE-2026-46475 Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover 08.06.2026
CVE-2026-46476 Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover 08.06.2026
CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover 08.06.2026
CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover 08.06.2026
CVE-2026-46479 Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover 08.06.2026
CVE-2026-46480 Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover 08.06.2026
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted 08.06.2026
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service 08.06.2026