CVE Field Guide

Critical CVEs

CVE	Title	Updated	Score
CVE-2026-5067	Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key	09.06.2026	9.8
CVE-2026-27671	Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform	09.06.2026	9.8
CVE-2026-40128	Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)	09.06.2026	9
CVE-2026-44748	XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform	09.06.2026	9.9
CVE-2026-52778	YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)	08.06.2026	9.8
CVE-2026-25555	OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header	08.06.2026	9.3
CVE-2026-39910	STACKIT IaaS API Privilege Escalation via Service Account Attachment	08.06.2026	9.3
CVE-2026-41448	AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie	08.06.2026	9.2
CVE-2026-46442	Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape	08.06.2026	9.4
CVE-2026-47430	Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews	08.06.2026	9.5
CVE-2026-11499	Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow	08.06.2026	9.3
CVE-2023-54352	WordPress Seotheme Remote Code Execution Unauthenticated	08.06.2026	9.3
CVE-2024-58348	WordPress Background Image Cropper 1.2 Remote Code Execution	08.06.2026	9.3
CVE-2024-58349	WordPress Theme Travelscape 1.0.3 Arbitrary File Upload	08.06.2026	9.3
CVE-2026-11429	Path Traversal in Altium Git Service Allows Remote Code Execution	08.06.2026	9.4
CVE-2026-11423	Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation	08.06.2026	9.4
CVE-2026-11419	Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write	05.06.2026	9.4
CVE-2026-11420	Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read	05.06.2026	10
CVE-2026-45758	Malicious code in guardrails-ai 0.10.1 (supply chain compromise)	08.06.2026	9.6
CVE-2026-45777	Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection	05.06.2026	9.3
CVE-2026-45779	Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise	08.06.2026	9.3
CVE-2026-11414	Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal	05.06.2026	10
CVE-2026-10580	Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API	06.06.2026	9.8
CVE-2026-46389	UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator`	05.06.2026	10
CVE-2026-46395	HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation	05.06.2026	9.3
CVE-2026-46396	HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover	05.06.2026	9.3
CVE-2026-46399	Authenticated Remote Code Execution via File Overwrite	08.06.2026	9.4
CVE-2026-46496	HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft	05.06.2026	9.3
CVE-2025-71317	NetMan 204 Hard-coded Backdoor Credentials	05.06.2026	9.3
CVE-2025-71318	NetMan 204 Missing Authentication for Administrative Functions	08.06.2026	9.3
CVE-2026-45744	Termix has an OS Command Injection in File Manager resolvePath endpoint	08.06.2026	9.9
CVE-2026-45746	Termix Vulnerable to Arbitrary Command Execution via Session Hijacking	05.06.2026	9
CVE-2026-45748	Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection	08.06.2026	9.8
CVE-2026-45750	Termix Vulnerable to Arbitrary Command Execution in File Manager	08.06.2026	9
CVE-2026-49777	WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability	08.06.2026	10
CVE-2026-6274	Authentication Bypass in DTS Electronics' Redline WR3200	08.06.2026	9.8
CVE-2026-48907	Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5	05.06.2026	10
CVE-2026-48567	Azure HorizonDB Elevation of Privilege Vulnerability	06.06.2026	10
CVE-2026-48579	Microsoft Exchange Online Information Disclosure Vulnerability	05.06.2026	9.1
CVE-2025-71316	SQLite sqldiff remote code execution via argument injection	05.06.2026	9.2
CVE-2025-67447		04.06.2026	9.8
CVE-2026-10880	Unauthenticated SQL Injection in Osnexus Quantastor	04.06.2026	9.8
CVE-2026-25550	Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service	04.06.2026	9.3
CVE-2025-67446		04.06.2026	9.8
CVE-2026-10868	MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification	04.06.2026	9
CVE-2026-43986	Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay	04.06.2026	9.9
CVE-2019-25727	WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download	04.06.2026	9.3
CVE-2019-25729	PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie	04.06.2026	9.3
CVE-2019-25738	WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change	04.06.2026	9.3
CVE-2019-25741	Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File	04.06.2026	9.3
CVE-2026-8037	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF	05.06.2026	9.6
CVE-2026-10840	Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources	04.06.2026	9.6
CVE-2026-4104	SQLi in Akmer Informatics' TeknoPass	04.06.2026	9.8
CVE-2026-50214	Shared Secret Quota Inflation	04.06.2026	9.3
CVE-2026-50208	Permissive TrustAllCerts TLS Verification	04.06.2026	9.2
CVE-2026-50209	MDM Server Registration Overriding	04.06.2026	9.3
CVE-2026-49190	Missing Per-Instruction Authorization Checks	04.06.2026	9.4
CVE-2026-49191	Exposed Hard-coded M3WebServer Backend API Key	04.06.2026	9.3
CVE-2026-49194	SCREEN_CLICK Authentication Bypass	04.06.2026	9.4
CVE-2026-41283		04.06.2026	9.9
CVE-2026-49185	Instruction Injection via FieldX MDM	04.06.2026	10
CVE-2026-46244	netfilter: nft_inner: Fix IPv6 inner_thoff desync	05.06.2026	9.1
CVE-2026-46266	inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP	05.06.2026	9.1
CVE-2026-35075	Hardcoded default Password for Service Account	03.06.2026	9.3
CVE-2026-47065	Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232	04.06.2026	9.8
CVE-2026-4035	Environment Variable Resolution Vulnerability in mlflow/mlflow	03.06.2026	9.1
CVE-2026-32625	LibreChat Exfiltrates Server Secrets via MCP Server URL Injection	03.06.2026	9.6
CVE-2026-42849	authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover	03.06.2026	9.3
CVE-2026-49448	authentik: SourceStage bypass via empty POST	03.06.2026	9.8
CVE-2026-5076	ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation	02.06.2026	9.8
CVE-2026-0611	Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting	02.06.2026	9.2
CVE-2026-42074	OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input	02.06.2026	9.3

Latest Updates

CVE	Title	Updated	Score
CVE-2025-62858	QTS, QuTS hero	09.06.2026
CVE-2026-41972		09.06.2026	5.4
CVE-2026-41973		09.06.2026	5.9
CVE-2026-41974		09.06.2026	3.6
CVE-2026-41976		09.06.2026	6.6
CVE-2026-41977		09.06.2026	5
CVE-2026-41981		09.06.2026	5.3
CVE-2026-41982		09.06.2026	6.4
CVE-2026-41983		09.06.2026	4.3
CVE-2026-41984		09.06.2026	5.2
CVE-2026-41985		09.06.2026	5.1
CVE-2026-41986		09.06.2026	2.4
CVE-2026-44083	QuMagie	09.06.2026
CVE-2026-5068	bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data	09.06.2026	7.6
CVE-2026-9698	DBI versions before 1.648 for Perl saved errors in a limited-sized buffer	09.06.2026
CVE-2026-11572		09.06.2026	8.8
CVE-2026-41539	QTS, QuTS hero	09.06.2026
CVE-2026-4986	WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery	09.06.2026
CVE-2026-5067	Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key	09.06.2026	9.8
CVE-2026-8981	Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML	09.06.2026
CVE-2026-10024	TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute	09.06.2026	6.4
CVE-2026-10553	jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update	09.06.2026	4.3
CVE-2026-10738	jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)	09.06.2026	6.4
CVE-2026-11603	Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter	09.06.2026	6.1
CVE-2026-11623	tmux image.c image_free use after free	09.06.2026
CVE-2026-26236	QuMagie	09.06.2026
CVE-2026-40983	Micrometer gRPC server instrumentation DoS vulnerability	09.06.2026	7.5
CVE-2026-40984	Micrometer HTTP server instrumentations DoS vulnerability	09.06.2026	7.5
CVE-2026-41006	Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration	09.06.2026	7.5
CVE-2026-41007	Spring HATEOAS heap exhaustion through unbounded internal caching	09.06.2026	7.5
CVE-2026-41710	Cache Exhaustion in Stateful Retries leads to Denial of Service	09.06.2026	5.9
CVE-2026-41715	Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect	09.06.2026	6.1
CVE-2026-41720	Authentication Bypass with Empty Password in Spring LDAP	09.06.2026	7.4
CVE-2026-41838	Spring Framework Predictable Session ID in WebSocket Module	09.06.2026	4.8
CVE-2026-41839	Spring Framework Escalation via Session Fixation in WebFlux	09.06.2026	4.2
CVE-2026-41840	Spring Framework Denial of Service via Multipart Requests in WebFlux	09.06.2026	5.9
CVE-2026-41841	Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux	09.06.2026	5.9
CVE-2026-41842	Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux	09.06.2026	7.5
CVE-2026-41843	Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux	09.06.2026	5.9
CVE-2026-41844	Spring Framework Open Redirect in Spring MVC and WebFlux	09.06.2026	4.2
CVE-2026-41845	Spring Framework Cross-site Scripting via JavaScriptUtils	09.06.2026	7.1
CVE-2026-41846	Spring Framework Cross-site Scripting via JSP Form Tags	09.06.2026	5.9
CVE-2026-41847	Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL	09.06.2026	4.8
CVE-2026-41848	Spring Framework Denial of Service via AntPathMatcher	09.06.2026	3.7
CVE-2026-41849	Spring Framework Denial of Service via Integer Overflow in SpEL Expressions	09.06.2026	7.5
CVE-2026-41850	Spring Framework Algorithmic Denial of Service via SpEL Expressions	09.06.2026	7.5
CVE-2026-41851	Spring Framework Denial of Service via Unbounded Cache in SpEL	09.06.2026	5.3
CVE-2026-41852	Spring Framework Arbitrary Method Invocation in SpEL Expressions	09.06.2026	3.7
CVE-2026-41853	Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux	09.06.2026	5.3
CVE-2026-41854	Spring Framework Server-Side Request Forgery via UriComponentsBuilder	09.06.2026	4.2
CVE-2026-41855	Spring Framework Unsafe Deserialization via Jackson JMS Converters	09.06.2026	8.1
CVE-2026-41975		09.06.2026	6.3
CVE-2026-41978		09.06.2026	4.4
CVE-2026-41979		09.06.2026	5.5
CVE-2026-41980		09.06.2026	5.5
CVE-2026-7662	ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute	09.06.2026	6.4
CVE-2026-8499	Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update	09.06.2026	5.3
CVE-2026-8841	Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	09.06.2026	6.4
CVE-2026-8880	RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	09.06.2026	6.4
CVE-2026-8882	WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	09.06.2026	6.4
CVE-2026-8883	Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	09.06.2026	6.4
CVE-2026-8895	kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	09.06.2026	6.4
CVE-2026-8902	AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update	09.06.2026	4.3
CVE-2026-8904	FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save	09.06.2026	4.3
CVE-2026-8907	WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter	09.06.2026	6.1
CVE-2026-8909	WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action	09.06.2026	4.3
CVE-2026-8910	WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter	09.06.2026	6.1
CVE-2026-8940	WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update	09.06.2026	4.3
CVE-2026-8977	WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action	09.06.2026	6.4
CVE-2026-9185	6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter	09.06.2026	7.5
CVE-2026-9662	Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter	09.06.2026	8.1
CVE-2026-11618	DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication	09.06.2026
CVE-2026-11619	Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization	09.06.2026
CVE-2026-11620	TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation	09.06.2026
CVE-2026-11621	Dcat-Admin User Setting upload editorMDUpload unrestricted upload	09.06.2026
CVE-2026-5714	Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter	09.06.2026	6.4
CVE-2026-7556	FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text	09.06.2026	7.2
CVE-2026-10862	Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field	09.06.2026	6.4
CVE-2026-24315	Path Traversal Vulnerability in SAP Fiori (launchpad)	09.06.2026	4.2
CVE-2026-27671	Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform	09.06.2026	9.8
CVE-2026-40128	Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)	09.06.2026	9
CVE-2026-44743	Security Misconfiguration vulnerability in SAP Business Objects	09.06.2026	3.7
CVE-2026-44744	SQL Injection vulnerability in SAP S/4HANA	09.06.2026	6.5
CVE-2026-44746	Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)	09.06.2026	6.1
CVE-2026-44748	XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform	09.06.2026	9.9
CVE-2026-44750	Missing Authorization check in SAP MDG (Review Match Groups Application)	09.06.2026	4.3
CVE-2026-44751	Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform	09.06.2026	7.1
CVE-2026-44754	Missing caller identification check-in for ODP Data Replication APIs	09.06.2026	6.6
CVE-2026-44755	Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform	09.06.2026	4.3
CVE-2026-44757	Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager	09.06.2026	4.7
CVE-2026-8795		09.06.2026	7.8
CVE-2026-11628		09.06.2026
CVE-2026-11629		08.06.2026
CVE-2026-11630		08.06.2026
CVE-2026-11631		08.06.2026
CVE-2026-11632		09.06.2026
CVE-2026-11633		09.06.2026
CVE-2026-11634		09.06.2026
CVE-2026-11635		09.06.2026
CVE-2026-11636		08.06.2026
CVE-2026-11637		09.06.2026
CVE-2026-11638		09.06.2026
CVE-2026-11639		09.06.2026
CVE-2026-11640		08.06.2026
CVE-2026-11641		09.06.2026
CVE-2026-11642		09.06.2026
CVE-2026-11643		09.06.2026
CVE-2026-11644		09.06.2026
CVE-2026-11645		09.06.2026
CVE-2026-11646		09.06.2026
CVE-2026-11647		09.06.2026
CVE-2026-11648		08.06.2026
CVE-2026-11649		09.06.2026
CVE-2026-11650		09.06.2026
CVE-2026-11651		09.06.2026
CVE-2026-11652		09.06.2026
CVE-2026-11653		08.06.2026
CVE-2026-11654		08.06.2026
CVE-2026-11655		08.06.2026
CVE-2026-11656		09.06.2026
CVE-2026-11657		09.06.2026
CVE-2026-11658		08.06.2026
CVE-2026-11659		08.06.2026
CVE-2026-11660		08.06.2026
CVE-2026-11661		08.06.2026
CVE-2026-11662		09.06.2026
CVE-2026-11663		09.06.2026
CVE-2026-11664		08.06.2026
CVE-2026-11665		09.06.2026
CVE-2026-11666		08.06.2026
CVE-2026-11667		08.06.2026
CVE-2026-11668		09.06.2026
CVE-2026-11669		09.06.2026
CVE-2026-11670		09.06.2026
CVE-2026-11671		09.06.2026
CVE-2026-11672		08.06.2026
CVE-2026-11673		09.06.2026
CVE-2026-11674		09.06.2026
CVE-2026-11675		09.06.2026
CVE-2026-11676		08.06.2026
CVE-2026-11677		08.06.2026
CVE-2026-11678		09.06.2026
CVE-2026-11679		09.06.2026
CVE-2026-11680		09.06.2026
CVE-2026-11681		08.06.2026
CVE-2026-11682		08.06.2026
CVE-2026-11683		09.06.2026
CVE-2026-11684		09.06.2026
CVE-2026-11685		09.06.2026
CVE-2026-11686		09.06.2026
CVE-2026-11687		09.06.2026
CVE-2026-11688		09.06.2026
CVE-2026-11689		08.06.2026
CVE-2026-11690		09.06.2026
CVE-2026-11691		09.06.2026
CVE-2026-11692		09.06.2026
CVE-2026-11693		08.06.2026
CVE-2026-11694		09.06.2026
CVE-2026-11695		09.06.2026
CVE-2026-11696		09.06.2026
CVE-2026-11697		08.06.2026
CVE-2026-11698		09.06.2026
CVE-2026-11699		09.06.2026
CVE-2026-11700		09.06.2026
CVE-2026-11701		08.06.2026
CVE-2026-9669	bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow	08.06.2026
CVE-2026-11585	CodeAstro Student Attendance Management System createClassArms.php sql injection	08.06.2026
CVE-2026-40215		08.06.2026
CVE-2026-44541	Fides: DOM-based XSS vulnerability in fides.js via fides_description override	08.06.2026
CVE-2026-11582	CodeAstro Student Attendance Management System index.php sql injection	08.06.2026
CVE-2026-11583	CodeAstro Student Attendance Management System createClass.php sql injection	08.06.2026
CVE-2026-11584	CodeAstro Student Attendance Management System createClass.php edit sql injection	08.06.2026
CVE-2026-35058		08.06.2026
CVE-2026-40519	Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()	08.06.2026
CVE-2026-46484	Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user	08.06.2026	8.1
CVE-2026-47344	TYPO3 HTML Sanitizer allows Cross-Site Scripting	08.06.2026
CVE-2026-47345	TYPO3 HTML Sanitizer allows Cross-Site Scripting	08.06.2026
CVE-2026-49141	WACRM Authorization Bypass via Automation Engine Endpoint	08.06.2026
CVE-2026-10544		08.06.2026
CVE-2026-10786		08.06.2026
CVE-2026-10787		08.06.2026
CVE-2026-11393	Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import	08.06.2026	9
CVE-2026-11557	Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow	08.06.2026
CVE-2026-11558	CodeAstro Payroll System home_salary.php sql injection	08.06.2026
CVE-2026-11559	CodeAstro Payroll System view_account.php sql injection	08.06.2026
CVE-2026-46486	Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing	08.06.2026
CVE-2026-46490	samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions	08.06.2026
CVE-2026-52778	YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)	08.06.2026	9.8
CVE-2026-11552	SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password	08.06.2026
CVE-2026-11553	Tenda HG7HG9/HG10 formPPPEdit stack-based overflow	08.06.2026
CVE-2026-11554	TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation	08.06.2026
CVE-2026-11555	D-Link DGS-1100-08PD Web boa.conf least privilege violation	08.06.2026
CVE-2026-11556	Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection	08.06.2026
CVE-2026-8913	Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration	09.06.2026
CVE-2026-11530	imvks786 student_management_system Login index.ph sql injection	08.06.2026
CVE-2026-11531	imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection	08.06.2026
CVE-2026-11532	imvks786 student_management_system Student Record add.php access control	08.06.2026
CVE-2026-11533	imvks786 student_management_system Student Deletion Endpoint see.php improper authorization	08.06.2026
CVE-2026-11534	imvks786 student_management_system add.php cross site scripting	08.06.2026
CVE-2026-11611	389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions	08.06.2026
CVE-2026-25555	OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header	08.06.2026
CVE-2026-25559	OpenBullet2 0.3.2 Path Traversal via Wordlist Endpoint	08.06.2026
CVE-2026-25855	OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload	08.06.2026
CVE-2026-25856	OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface	08.06.2026
CVE-2026-39908	OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source	08.06.2026
CVE-2026-39910	STACKIT IaaS API Privilege Escalation via Service Account Attachment	08.06.2026
CVE-2026-41448	AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie	08.06.2026
CVE-2026-43966	HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2	09.06.2026
CVE-2026-45581	fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode	08.06.2026	5.5
CVE-2026-46276	drm/amdgpu: fix zero-size GDS range init on RDNA4	08.06.2026
CVE-2026-46277	mm/zone_device: do not touch device folio after calling ->folio_free()	08.06.2026
CVE-2026-46278	drm/imagination: Fix segfault when updating ftrace mask	08.06.2026
CVE-2026-46279	mm/alloc_tag: clear codetag for pages allocated before page_ext initialization	08.06.2026
CVE-2026-46280	lib: test_hmm: evict device pages on file close to avoid use-after-free	08.06.2026
CVE-2026-46281	vmalloc: fix buffer overflow in vrealloc_node_align()	08.06.2026
CVE-2026-46282	iio: frequency: admv1013: fix NULL pointer dereference on str	08.06.2026
CVE-2026-46283	tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()	08.06.2026
CVE-2026-46284	mm/hugetlb: fix early boot crash on parameters without '=' separator	08.06.2026
CVE-2026-46285	mtd: docg3: fix use-after-free in docg3_release()	08.06.2026
CVE-2026-46286	leds: qcom-lpg: Check for array overflow when selecting the high resolution	08.06.2026
CVE-2026-46287	net: txgbe: fix RTNL assertion warning when remove module	08.06.2026
CVE-2026-46288	of: unittest: fix use-after-free in of_unittest_changeset()	08.06.2026
CVE-2026-46289	lib/scatterlist: fix length calculations in extract_kvec_to_sg	08.06.2026
CVE-2026-46290	x86/efi: Fix graceful fault handling after FPU softirq changes	08.06.2026
CVE-2026-46291	crypto: caam - guard HMAC key hex dumps in hash_digest_key	08.06.2026
CVE-2026-46292	pmdomain: core: Fix detach procedure for virtual devices in genpd	08.06.2026
CVE-2026-46293	clk: microchip: mpfs-ccc: fix out of bounds access during output registration	08.06.2026
CVE-2026-46294	dm: fix a buffer overflow in ioctl processing	08.06.2026
CVE-2026-46295	KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty	08.06.2026
CVE-2026-46296	spi: s3c64xx: fix NULL-deref on driver unbind	08.06.2026
CVE-2026-46297	net: libwx: use request_irq for VF misc interrupt	08.06.2026
CVE-2026-46298	pseries/papr-hvpipe: Fix race with interrupt handler	08.06.2026
CVE-2026-46299	hfsplus: fix held lock freed on hfsplus_fill_super()	08.06.2026
CVE-2026-46301	spi: topcliff-pch: fix use-after-free on unbind	08.06.2026
CVE-2026-46302	selinux: allow multiple opens of /sys/fs/selinux/policy	08.06.2026
CVE-2026-46303	isofs: validate Rock Ridge CE continuation extent against volume size	08.06.2026
CVE-2026-46304	nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free	08.06.2026
CVE-2026-46305	staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc	08.06.2026
CVE-2026-46306	flow_dissector: do not dissect PPPoE PFC frames	08.06.2026
CVE-2026-46307	wifi: ath5k: do not access array OOB	08.06.2026
CVE-2026-46308	pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()	08.06.2026
CVE-2026-46309	drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise	08.06.2026
CVE-2026-46310	media: renesas: vsp1: Fix NULL pointer deref on module unload	08.06.2026
CVE-2026-46311	drm/amdgpu/userq: fix access to stale wptr mapping	08.06.2026
CVE-2026-46312	media: videobuf2: Set vma_flags in vb2_dma_sg_mmap	08.06.2026
CVE-2026-46313	media: intel/ipu6: fix error pointer dereference	08.06.2026
CVE-2026-46314	drm/v3d: Reject empty multisync extension to prevent infinite loop	08.06.2026
CVE-2026-46481	OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users	08.06.2026	8.3
CVE-2026-48507	Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users	08.06.2026	7.1
CVE-2026-11529	designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection	08.06.2026
CVE-2026-42861	Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment	08.06.2026
CVE-2026-42862	Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment	08.06.2026
CVE-2026-42863	Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment	08.06.2026
CVE-2026-46440	Flowise: Basic Auth Credentials Exposed via API	08.06.2026
CVE-2026-46441	Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment	08.06.2026
CVE-2026-46442	Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape	08.06.2026
CVE-2026-46443	Flowise: Credential Data Leak	08.06.2026
CVE-2026-46444	Flowise: Vector Store No Permission Checks	08.06.2026
CVE-2026-46475	Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover	08.06.2026
CVE-2026-46476	Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover	08.06.2026
CVE-2026-46477	Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover	08.06.2026
CVE-2026-46478	Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover	08.06.2026
CVE-2026-46479	Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover	08.06.2026
CVE-2026-46480	Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover	08.06.2026
CVE-2026-48913	Apache HTTP Server: mod_http2 memory corruption when file handles exhausted	08.06.2026
CVE-2026-49975	Apache HTTP Server: mod_http2 denial of service	08.06.2026