CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-12415 | Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter | 27.06.2026 | 9.8 |
| CVE-2026-31928 | Daktronics Controller Firmware Use of Hard-coded Credentials | 26.06.2026 | 9.3 |
| CVE-2026-28701 | Daktronics Controller Firmware Path Traversal | 26.06.2026 | 9.3 |
| CVE-2026-49869 | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | 26.06.2026 | 10 |
| CVE-2026-53576 | Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass | 26.06.2026 | 10 |
| CVE-2026-54350 | Budibase: Anonymous NoSQL operator injection via published-app query templates | 26.06.2026 | 10 |
| CVE-2026-54352 | Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload | 27.06.2026 | 9.6 |
| CVE-2026-46386 | OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal` | 26.06.2026 | 9.9 |
| CVE-2026-52780 | OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) | 27.06.2026 | 9.6 |
| CVE-2026-52782 | OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources | 26.06.2026 | 9.9 |
| CVE-2026-52785 | OpenProject: SQL injection in timestamps functionality | 26.06.2026 | 9.9 |
| CVE-2026-33646 | mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass) | 26.06.2026 | 9.6 |
| CVE-2026-45405 | Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add | 26.06.2026 | 9 |
| CVE-2026-45406 | Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval | 26.06.2026 | 9 |
| CVE-2026-45408 | Dokku: OS Command Injection via App Name in Git Pre-Receive Hook | 26.06.2026 | 9 |
| CVE-2026-54636 | Dokku: OS Command Injection via app.json managed Cron | 26.06.2026 | 9 |
| CVE-2026-54820 | WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-54825 | WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-54827 | WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-54831 | WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56027 | WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability | 26.06.2026 | 9.9 |
| CVE-2026-56028 | WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability | 26.06.2026 | 9.8 |
| CVE-2026-56030 | WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability | 26.06.2026 | 9.8 |
| CVE-2026-56032 | WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability | 26.06.2026 | 9.8 |
| CVE-2026-56033 | WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability | 26.06.2026 | 9.8 |
| CVE-2026-56034 | WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56036 | WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56057 | WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability | 26.06.2026 | 9.8 |
| CVE-2026-56058 | WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability | 26.06.2026 | 9.9 |
| CVE-2026-56059 | WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability | 26.06.2026 | 9.9 |
| CVE-2026-56062 | WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56067 | WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56068 | WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-56070 | WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability | 26.06.2026 | 9.3 |
| CVE-2026-57658 | WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability | 26.06.2026 | 9.1 |
| CVE-2026-57878 | GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd) | 26.06.2026 | 9.8 |
| CVE-2026-57879 | GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr) | 26.06.2026 | 9.8 |
| CVE-2026-57880 | GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr) | 26.06.2026 | 9.8 |
| CVE-2026-57881 | GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr) | 26.06.2026 | 9.8 |
| CVE-2026-9222 | Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication | 26.06.2026 | 9.2 |
| CVE-2025-71327 | Flowise - Authentication Bypass via Unprotected Registration Endpoint | 26.06.2026 | 9.3 |
| CVE-2025-71333 | Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint | 27.06.2026 | 9.3 |
| CVE-2025-71334 | Flowise - Arbitrary File Access via Missing Chat Flow ID Validation | 26.06.2026 | 9.3 |
| CVE-2025-71336 | Flowise - Unsandboxed Remote Code Execution via Custom MCP | 25.06.2026 | 9.3 |
| CVE-2025-71338 | Flowise - Arbitrary File Write to Remote Code Execution via document-store API | 26.06.2026 | 10 |
| CVE-2026-40702 | EVoke Systems EVoke CSMS Missing Authentication for Critical Function | 26.06.2026 | 9.3 |
| CVE-2026-50548 | Cursor Desktop sandbox escape via agent-controlled working directory | 25.06.2026 | 9.3 |
| CVE-2026-50549 | Cursor Desktop sandbox escape via symlink and failed path canonicalization | 25.06.2026 | 9.3 |
| CVE-2026-54088 | File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE) | 25.06.2026 | 9.3 |
| CVE-2026-54089 | File Browser: Authentication Bypass via Proxy Auth Header Forgery | 25.06.2026 | 9.1 |
| CVE-2026-56786 | RTKLIB 2.4.3 - Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message | 25.06.2026 | 9.3 |
| CVE-2026-57700 | WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability | 25.06.2026 | 10 |
| CVE-2026-55413 | ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution | 25.06.2026 | 9.4 |
| CVE-2026-56123 | socat 1.8.0.0 - 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser | 26.06.2026 | 9.2 |
| CVE-2026-41120 | | 26.06.2026 | 9.8 |
| CVE-2026-54823 | WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability | 25.06.2026 | 9.9 |
| CVE-2026-54836 | WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-54843 | WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-54849 | WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability | 25.06.2026 | 9.3 |
| CVE-2026-41566 | Apache Kvrocks: Improper permission for the APPLYBATCH command | 25.06.2026 | 9.4 |
| CVE-2026-46752 | Apache Kvrocks: Stack buffer overflow in Lua bit.tohex() | 25.06.2026 | 10 |
| CVE-2026-39948 | Cacti has SQL Injection via rfilter parameter in RLIKE clauses | 26.06.2026 | 9.3 |
| CVE-2026-39955 | Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php | 26.06.2026 | 9.8 |
| CVE-2026-39938 | Cacti: Unauthenticated RCE on Graph Image | 26.06.2026 | 9.8 |
| CVE-2026-39893 | Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php | 26.06.2026 | 9.8 |
| CVE-2026-50551 | SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content | 25.06.2026 | 9.9 |
| CVE-2026-54067 | SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet() | 25.06.2026 | 9.9 |
| CVE-2026-54069 | SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist | 25.06.2026 | 9.2 |
| CVE-2026-54158 | SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML() | 25.06.2026 | 9.9 |
| CVE-2026-55454 | Appsmith: Caddy admin API exposed without authentication | 25.06.2026 | 9.9 |
| CVE-2026-55570 | SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch) | 25.06.2026 | 9 |
| CVE-2026-55666 | Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth | 26.06.2026 | 9.3 |
| CVE-2026-33543 | FOSSBilling: Authentication bypass allows unauthenticated administrator creation | 25.06.2026 | 9.3 |
| CVE-2026-45688 | Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack | 26.06.2026 | 9.1 |
| CVE-2026-45689 | Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO | 26.06.2026 | 9.1 |
| CVE-2026-46423 | Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty | 26.06.2026 | 9.3 |
| CVE-2026-52811 | Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym | 26.06.2026 | 9 |
| CVE-2026-52813 | Gogs: Path Traversal in organization name results in RCE through Git hooks | 26.06.2026 | 10 |
| CVE-2026-52806 | Gogs: RCE via git rebase --exec argument injection in pull request merge | 26.06.2026 | 9.9 |
| CVE-2026-49980 | Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix | 27.06.2026 | 9.8 |
| CVE-2026-53943 | Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header | 24.06.2026 | 9.6 |
| CVE-2026-56121 | Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization | 26.06.2026 | 9.3 |
| CVE-2026-12537 | Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows | 24.06.2026 | 10 |
| CVE-2026-56223 | Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user | 24.06.2026 | 9.3 |
| CVE-2026-56237 | Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation | 24.06.2026 | 9.3 |
| CVE-2026-12416 | Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter | 25.06.2026 | 9.8 |
| CVE-2026-12417 | SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover | 24.06.2026 | 9.8 |
| CVE-2026-12485 | GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command | 24.06.2026 | 10 |
| CVE-2026-12486 | GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability | 24.06.2026 | 9.1 |
| CVE-2026-12846 | GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command | 24.06.2026 | 10 |
| CVE-2026-12847 | GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command | 24.06.2026 | 10 |
| CVE-2026-12848 | GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command | 24.06.2026 | 10 |
| CVE-2026-12849 | GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability | 24.06.2026 | 9.1 |
| CVE-2026-12850 | GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability | 24.06.2026 | 9.1 |
| CVE-2026-12851 | GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability | 24.06.2026 | 9.1 |
| CVE-2026-54588 | Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction. | 24.06.2026 | 9.6 |
| CVE-2026-11807 | Eda-server: websocket missing authorization allows credential theft via activation_id spoofing | 27.06.2026 | 9.6 |
| CVE-2026-53753 | Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API | 23.06.2026 | 9.8 |
| CVE-2026-53662 | immich: One-click account takeover via XSS in login page continue redirect | 23.06.2026 | 9.6 |
| CVE-2026-54157 | LobeHub: Unauthenticated SSRF in `/webapi/proxy` | 23.06.2026 | 9 |
| CVE-2026-54257 | Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow | 23.06.2026 | 9.3 |
| CVE-2026-44789 | n8n: HTTP Request Node Pagination Prototype Pollution to RCE | 24.06.2026 | 9.4 |
| CVE-2026-44790 | n8n: Arbitrary File Read via Git Node | 23.06.2026 | 9.4 |
| CVE-2026-44791 | n8n: XML Node Prototype Pollution Patch Bypass | 23.06.2026 | 9.4 |
| CVE-2026-48519 | Langflow: Unauthenticated RCE in Shareable Playgrounds | 24.06.2026 | 9.6 |
| CVE-2026-55255 | Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow | 24.06.2026 | 9.9 |
| CVE-2026-55447 | Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit | 24.06.2026 | 9.6 |
| CVE-2026-55450 | Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak | 23.06.2026 | 9.3 |
| CVE-2026-27604 | FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions | 23.06.2026 | 10 |
| CVE-2026-28496 | FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE | 23.06.2026 | 9.4 |
| CVE-2026-35019 | NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass | 23.06.2026 | 9.2 |
| CVE-2026-44089 | Buffer Overflow in Totolink EX1200L router | 23.06.2026 | 9.4 |
| CVE-2026-56258 | Crawl4AI - Arbitrary File Write via output_path Symlink and TOCTOU | 23.06.2026 | 9.2 |
| CVE-2026-56315 | picklescan - Remote Code Execution via Unblocked Standard Library Modules | 23.06.2026 | 9.3 |
| CVE-2026-11374 | Account Takeover via Predictable SSO Ticket Generation | 24.06.2026 | 9 |
| CVE-2026-12866 | | 27.06.2026 | 9.2 |
| CVE-2026-48746 | vLLM: OpenAI auth bypass | 23.06.2026 | 9.1 |
| CVE-2026-56266 | Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints | 23.06.2026 | 9.2 |
| CVE-2026-44727 | Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP | 23.06.2026 | 9.3 |
| CVE-2026-45034 | PhpSpreadsheet: File::prohibitWrappers bypass | 23.06.2026 | 9.2 |
| CVE-2026-49468 | LiteLLM: Authentication Bypass via Host Header Injection | 24.06.2026 | 9.5 |
| CVE-2026-10789 | MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop | 23.06.2026 | 9.6 |
| CVE-2026-12249 | Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment | 22.06.2026 | 9 |
| CVE-2026-12628 | Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system | 25.06.2026 | 9.1 |
| CVE-2026-7664 | Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS | 23.06.2026 | 9.8 |
| CVE-2026-10561 | Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection | 23.06.2026 | 10 |
| CVE-2026-28381 | Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT | 24.06.2026 | 9.6 |
| CVE-2026-56423 | MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints | 23.06.2026 | 9.4 |
| CVE-2026-56425 | MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection | 23.06.2026 | 9.3 |
| CVE-2026-56447 | MISP remote code execution via arbitrary rdkafka configuration path | 22.06.2026 | 9.3 |
| CVE-2026-7165 | Multiple vulnerabilities in the Assassin game by Gaudire | 22.06.2026 | 9.4 |
| CVE-2026-7166 | Multiple vulnerabilities in the Assassin game by Gaudire | 22.06.2026 | 9.2 |
| CVE-2026-56422 | MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields | 23.06.2026 | 9.4 |
| CVE-2026-11746 | | 22.06.2026 | 9.4 |
| CVE-2026-56265 | Crawl4AI - Authentication Bypass via Hardcoded JWT Signing Key | 22.06.2026 | 9.3 |
| CVE-2026-56395 | SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README | 22.06.2026 | 9.4 |
| CVE-2026-56397 | SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README | 24.06.2026 | 9.4 |
| CVE-2026-56345 | AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint | 23.06.2026 | 9.2 |

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-49414 | ASLR bypass for setuid executables via procctl(2) | 27.06.2026 | |
| CVE-2026-49416 | Integer overflow in vt(4) CONS_HISTORY ioctl | 27.06.2026 | |
| CVE-2026-45258 | Multiple vulnerabilities in the sound(4) mmap path | 27.06.2026 | |
| CVE-2026-45259 | sigqueue(2) missing capability mode restriction | 27.06.2026 | |
| CVE-2026-49412 | Use-after-free bug in the IPV6_MSFILTER socket option handler | 27.06.2026 | |
| CVE-2026-49413 | Flaw in Linuxulator execution of setugid binaries | 27.06.2026 | |
| CVE-2026-49417 | Multiple vulnerabilities in the sound(4) mmap path | 27.06.2026 | |
| CVE-2026-11364 | Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions | 27.06.2026 | 4.3 |
| CVE-2026-11597 | Surbma \| Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 27.06.2026 | 6.4 |
| CVE-2026-11773 | Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification | 27.06.2026 | 4.3 |
| CVE-2026-11783 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU | 27.06.2026 | 6.4 |
| CVE-2026-11987 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter | 27.06.2026 | 4.3 |
| CVE-2026-12399 | Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter | 27.06.2026 | 4.4 |
| CVE-2026-12432 | Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter | 27.06.2026 | 5.3 |
| CVE-2026-12471 | Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation | 27.06.2026 | 4.3 |
| CVE-2026-13295 | Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter | 27.06.2026 | 6.4 |
| CVE-2026-3462 | Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification | 27.06.2026 | 6.5 |
| CVE-2026-9233 | Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action | 27.06.2026 | 4.3 |
| CVE-2026-9242 | RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request | 27.06.2026 | 5.3 |
| CVE-2026-10820 | ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR | 27.06.2026 | |
| CVE-2026-12404 | NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class | 27.06.2026 | 5.3 |
| CVE-2026-13245 | MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter | 27.06.2026 | 6.1 |
| CVE-2026-9677 | Shariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site Scripting | 27.06.2026 | |
| CVE-2026-12415 | Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter | 27.06.2026 | 9.8 |
| CVE-2023-37524 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service | 27.06.2026 | 7.7 |
| CVE-2025-59868 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure | 27.06.2026 | 5.5 |
| CVE-2026-11356 | Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings | 27.06.2026 | 4.4 |
| CVE-2026-13331 | Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter | 27.06.2026 | 6.5 |
| CVE-2026-13333 | Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter | 27.06.2026 | 6.5 |
| CVE-2026-13335 | CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta | 27.06.2026 | 6.4 |
| CVE-2026-13422 | HD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX Handlers | 27.06.2026 | 4.3 |
| CVE-2026-31928 | Daktronics Controller Firmware Use of Hard-coded Credentials | 26.06.2026 | 8.1 |
| CVE-2026-33560 | Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type | 26.06.2026 | 7.1 |
| CVE-2026-55975 | H.VIEW HV-500S6 IP Camera OS Command Injection | 26.06.2026 | 7.2 |
| CVE-2026-56414 | H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type | 26.06.2026 | 7.2 |
| CVE-2026-28701 | Daktronics Controller Firmware Path Traversal | 26.06.2026 | 9.8 |
| CVE-2026-36907 | | 26.06.2026 | |
| CVE-2026-36908 | | 26.06.2026 | |
| CVE-2026-50765 | | 26.06.2026 | |
| CVE-2026-50766 | | 26.06.2026 | |
| CVE-2026-50767 | | 26.06.2026 | |
| CVE-2026-36478 | | 26.06.2026 | |
| CVE-2026-38571 | | 26.06.2026 | |
| CVE-2026-45807 | Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file read | 26.06.2026 | 7.7 |
| CVE-2026-49869 | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | 26.06.2026 | 10 |
| CVE-2026-49984 | Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard) | 26.06.2026 | 7.7 |
| CVE-2026-53576 | Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass | 26.06.2026 | 10 |
| CVE-2026-53577 | Kestra: Cross-Execution File Read via Preview Endpoint (IDOR) | 27.06.2026 | 6.5 |
| CVE-2026-55069 | Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack | 26.06.2026 | 8.7 |
| CVE-2024-23581 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability | 26.06.2026 | 6.7 |
| CVE-2026-38639 | | 26.06.2026 | |
| CVE-2026-38641 | | 26.06.2026 | |
| CVE-2026-39031 | | 26.06.2026 | |
| CVE-2026-46604 | Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image | 26.06.2026 | |
| CVE-2026-46710 | Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path | 26.06.2026 | |
| CVE-2026-48770 | Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash | 26.06.2026 | 5 |
| CVE-2026-48778 | Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter | 26.06.2026 | 7.8 |
| CVE-2026-48800 | Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection | 26.06.2026 | 7.8 |
| CVE-2026-50132 | Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase | 26.06.2026 | 7.3 |
| CVE-2026-50136 | Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials | 27.06.2026 | 7.4 |
| CVE-2026-50137 | Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials | 26.06.2026 | |
| CVE-2026-52884 | Notepad++: CVE-2026-48800 Bypass | 26.06.2026 | 7.8 |
| CVE-2026-52885 | Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory | 26.06.2026 | |
| CVE-2026-54350 | Budibase: Anonymous NoSQL operator injection via published-app query templates | 26.06.2026 | 10 |
| CVE-2026-54351 | Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override | 26.06.2026 | 8.2 |
| CVE-2026-54352 | Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload | 27.06.2026 | 9.6 |
| CVE-2026-54353 | Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation | 26.06.2026 | 8.5 |
| CVE-2026-29509 | Patool < 4.0.5 Path Traversal via safe_extract() Function | 27.06.2026 | |
| CVE-2026-32833 | Cudy LT300 3.0 OS Command Injection via NTP Configuration | 26.06.2026 | |
| CVE-2026-44696 | OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration | 27.06.2026 | 5.7 |
| CVE-2026-44731 | OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure | 26.06.2026 | 4.3 |
| CVE-2026-44732 | OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources | 26.06.2026 | 4.3 |
| CVE-2026-44733 | OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements | 26.06.2026 | 5.9 |
| CVE-2026-44734 | OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename | 27.06.2026 | 6.5 |
| CVE-2026-44735 | OpenProject: Shares API Information Disclosure | 26.06.2026 | 6.5 |
| CVE-2026-44736 | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | 27.06.2026 | 6.5 |
| CVE-2026-46386 | OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal` | 26.06.2026 | 9.9 |
| CVE-2026-49355 | OpenProject: Private work package data disclosure through single meeting agenda item API | 26.06.2026 | 4.3 |
| CVE-2026-49991 | RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection | 26.06.2026 | 8.6 |
| CVE-2026-53278 | arm_mpam: Check whether the config array is allocated before destroying it | 26.06.2026 | |
| CVE-2026-53279 | drm/gma500/oaktrail_lvds: fix hang on init failure | 26.06.2026 | |
| CVE-2026-53280 | iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() | 26.06.2026 | |
| CVE-2026-53281 | iommu/vt-d: Avoid NULL pointer dereference or refcount corruption | 26.06.2026 | |
| CVE-2026-53282 | x86/kexec: Push kjump return address even for non-kjump kexec | 26.06.2026 | |
| CVE-2026-53283 | iommu/amd: Bounds-check devid in __rlookup_amd_iommu() | 26.06.2026 | |
| CVE-2026-53284 | btrfs: only release the dirty pages io tree after successful writes | 26.06.2026 | |
| CVE-2026-53285 | drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED | 26.06.2026 | |
| CVE-2026-53286 | idpf: fix double free and use-after-free in aux device error paths | 26.06.2026 | |
| CVE-2026-53287 | audit: fix incorrect inheritable capability in CAPSET records | 26.06.2026 | |
| CVE-2026-53288 | arm64: Reserve an extra page for early kernel mapping | 26.06.2026 | |
| CVE-2026-53289 | ice: fix NULL pointer dereference in ice_reset_all_vfs() | 26.06.2026 | |
| CVE-2026-53290 | drm/xe/eustall: Fix drm_dev_put called before stream disable in close | 26.06.2026 | |
| CVE-2026-53291 | ALSA: hda/conexant: Fix missing error check for jack detection | 26.06.2026 | |
| CVE-2026-53292 | net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind | 26.06.2026 | |
| CVE-2026-53293 | drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG | 26.06.2026 | |
| CVE-2026-53294 | mailbox: mailbox-test: don't free the reused channel | 26.06.2026 | |
| CVE-2026-53295 | mailbox: add sanity check for channel array | 26.06.2026 | |
| CVE-2026-53296 | mailbox: mailbox-test: free channels on probe error | 26.06.2026 | |
| CVE-2026-53297 | net: mana: Guard mana_remove against double invocation | 26.06.2026 | |
| CVE-2026-53298 | net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue() | 26.06.2026 | |
| CVE-2026-53299 | net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx() | 26.06.2026 | |
| CVE-2026-53300 | net: enetc: fix NTMP DMA use-after-free issue | 26.06.2026 | |
| CVE-2026-53301 | reset: amlogic: t7: Fix null reset ops | 26.06.2026 | |
| CVE-2026-53302 | crypto: eip93 - fix hmac setkey algo selection | 26.06.2026 | |
| CVE-2026-53303 | f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() | 26.06.2026 | |
| CVE-2026-53304 | scsi: sg: Resolve soft lockup issue when opening /dev/sgX | 26.06.2026 | |
| CVE-2026-53305 | usb: typec: ps883x: Fix Oops at unbind | 26.06.2026 | |
| CVE-2026-53306 | tty: hvc_iucv: fix off-by-one in number of supported devices | 26.06.2026 | |
| CVE-2026-53307 | pinctrl: pinconf-generic: Fully validate 'pinmux' property | 26.06.2026 | |
| CVE-2026-53308 | power: supply: max77705: Free allocated workqueue and fix removal order | 26.06.2026 | |
| CVE-2026-53309 | ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison | 26.06.2026 | |
| CVE-2026-53310 | soc/tegra: cbb: Fix cross-fabric target timeout lookup | 26.06.2026 | |
| CVE-2026-53311 | fuse: fix uninit-value in fuse_dentry_revalidate() | 26.06.2026 | |
| CVE-2026-53312 | iommu/riscv: Remove overflows on the invalidation path | 26.06.2026 | |
| CVE-2026-53313 | drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths | 26.06.2026 | |
| CVE-2026-53314 | padata: Put CPU offline callback in ONLINE section to allow failure | 26.06.2026 | |
| CVE-2026-53315 | drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp() | 26.06.2026 | |
| CVE-2026-53316 | drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() | 26.06.2026 | |
| CVE-2026-53317 | wifi: mt76: mt7921: Place upper limit on station AID | 26.06.2026 | |
| CVE-2026-53318 | wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() | 26.06.2026 | |
| CVE-2026-53319 | blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() | 26.06.2026 | |
| CVE-2026-53320 | nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() | 26.06.2026 | |
| CVE-2026-53321 | io_uring/napi: cap busy_poll_to 10 msec | 26.06.2026 | |
| CVE-2026-53322 | vfio/pci: Clean up DMABUFs before disabling function | 26.06.2026 | |
| CVE-2026-53323 | net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops | 26.06.2026 | |
| CVE-2026-53324 | net: mana: Use pci_name() for debugfs directory naming | 26.06.2026 | |
| CVE-2026-55188 | RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials | 27.06.2026 | 8.2 |
| CVE-2026-55189 | RustFS: FTP frontend skips IAM authorization on object reads | 26.06.2026 | 7.7 |
| CVE-2026-55838 | RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics | 27.06.2026 | 4.3 |
| CVE-2026-47193 | OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks | 26.06.2026 | 7.5 |
| CVE-2026-52779 | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects | 26.06.2026 | 5.4 |
| CVE-2026-52780 | OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) | 27.06.2026 | 9.6 |
| CVE-2026-52781 | OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter "description" | 26.06.2026 | 6.4 |
| CVE-2026-52782 | OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources | 26.06.2026 | 9.9 |
| CVE-2026-52783 | OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure | 26.06.2026 | 8.2 |
| CVE-2026-52784 | OpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]" | 26.06.2026 | 8.8 |
| CVE-2026-52785 | OpenProject: SQL injection in timestamps functionality | 26.06.2026 | 9.9 |
| CVE-2026-13372 | | 26.06.2026 | |
| CVE-2026-47205 | Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | 27.06.2026 | 5.9 |
| CVE-2026-47220 | Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format | 26.06.2026 | 7.5 |
| CVE-2026-48090 | Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | 26.06.2026 | 5.9 |
| CVE-2026-54753 | Nx: `nx graph` dev server permissive CORS policy | 26.06.2026 | 5.9 |
| CVE-2026-47204 | Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes | 26.06.2026 | 6.5 |
| CVE-2026-47207 | Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message | 26.06.2026 | 6.5 |
| CVE-2026-47692 | Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream | 26.06.2026 | 4.8 |
| CVE-2026-48706 | Envoy Heap Buffer Overflow in TcpStatsdSink | 26.06.2026 | 5.9 |