CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification 04.06.2026 9
CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay 04.06.2026 9.9
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download 04.06.2026 9.3
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie 04.06.2026 9.3
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change 04.06.2026 9.3
CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File 04.06.2026 9.3
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF 04.06.2026 9.6
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources 04.06.2026 9.6
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass 04.06.2026 9.8
CVE-2026-50214 Shared Secret Quota Inflation 04.06.2026 9.3
CVE-2026-50208 Permissive TrustAllCerts TLS Verification 04.06.2026 9.2
CVE-2026-50209 MDM Server Registration Overriding 04.06.2026 9.3
CVE-2026-49190 Missing Per-Instruction Authorization Checks 04.06.2026 9.4
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key 04.06.2026 9.3
CVE-2026-49194 SCREEN_CLICK Authentication Bypass 04.06.2026 9.4
CVE-2026-41283 04.06.2026 9.9
CVE-2026-49185 Instruction Injection via FieldX MDM 04.06.2026 10
CVE-2026-35075 Hardcoded default Password for Service Account 03.06.2026 9.3
CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 04.06.2026 9.8
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow 03.06.2026 9.1
CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection 03.06.2026 9.6
CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover 03.06.2026 9.3
CVE-2026-49448 authentik: SourceStage bypass via empty POST 03.06.2026 9.8
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation 02.06.2026 9.8
CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting 02.06.2026 9.2
CVE-2026-42074 OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input 02.06.2026 9.3
CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading 02.06.2026 9.3
CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity 03.06.2026 9.8
CVE-2026-7312 CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity 03.06.2026 10
CVE-2026-42684 WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability 02.06.2026 9.3
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability 02.06.2026 9.8
CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia 02.06.2026 9.3
CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' 02.06.2026 9.8
CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE 02.06.2026 9.8
CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite 02.06.2026 9.3
CVE-2026-40965 03.06.2026 10
CVE-2026-0072 01.06.2026 10
CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization 02.06.2026 9.2
CVE-2026-8644 IBM WebSphere Application Server is affected by an identity spoofing vulnerability 01.06.2026 9.1
CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution 02.06.2026 9
CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability 02.06.2026 9
CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability 01.06.2026 9.3
CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability 04.06.2026 9.6
CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests 01.06.2026 10
CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling 01.06.2026 10
CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices 01.06.2026 9.2
CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability 01.06.2026 9.8
CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability 01.06.2026 9.1
CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability 01.06.2026 9.6
CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability 01.06.2026 9.8
CVE-2026-8931 Critical RCE vulnerability in Disig Web Signer 01.06.2026 9.4
CVE-2026-7858 Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x 01.06.2026 9.8
CVE-2026-48188 SQL Injection via MySQL Quote Method 01.06.2026 9.1
CVE-2026-10187 Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow 02.06.2026 9.3
CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php 02.06.2026 9.3
CVE-2026-45372 cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection 01.06.2026 9.9
CVE-2026-45697 Formie: Pre-authenticated server-side template injection in Hidden fields 01.06.2026 9.8
CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection 02.06.2026 9.8
CVE-2026-44650 SillyTavern: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 29.05.2026 9.1
CVE-2026-47744 Shopper: Authorization bypass and RBAC privilege escalation in team settings 29.05.2026 9.9
CVE-2026-9051 Authentication Bypass Vulnerability in NI SystemLink Enterprise 29.05.2026 9.3
CVE-2026-45625 Arcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs 01.06.2026 9.9
CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline 29.05.2026 9.6
CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint 02.06.2026 9.9
CVE-2026-45630 Dokploy: Authenticated Remote Code Execution via Command Injection in updateTraefikConfig Echo Statement 01.06.2026 9
CVE-2026-45631 Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret 01.06.2026 10
CVE-2026-45632 Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution 02.06.2026 9.9
CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint 29.05.2026 9.9
CVE-2026-45661 Dokploy: Remote Code Execution through Path Traversal 02.06.2026 9.9
CVE-2026-45668 Trilium Notes: Note Import to RCE via #docName Path Traversal (Safe Import Enabled) 29.05.2026 9.3
CVE-2026-5386 KMW CCTV Security Cameras Unverified Password Change 29.05.2026 9.1
CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials 29.05.2026 9.8
CVE-2026-44962 29.05.2026 10
CVE-2026-45663 Dokploy: Remote Code Execution via destinationPath in Container File Upload 29.05.2026 9.9
CVE-2026-10042 manga-image-translator RCE via Unsafe Pickle Deserialization in Share Model 29.05.2026 9.2
CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators 29.05.2026 9.1
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface 29.05.2026 9.3
CVE-2026-10071 Interinfo|DreamMaker - Arbitrary File Upload 29.05.2026 9.3
CVE-2026-45043 RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root 02.06.2026 9.3
CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution 02.06.2026 9.9
CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE 29.05.2026 10
CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar 29.05.2026 10
CVE-2025-41269 29.05.2026 9.3
CVE-2025-41270 29.05.2026 9.3
CVE-2025-41272 29.05.2026 9.3
CVE-2025-41273 29.05.2026 9.3
CVE-2025-41274 29.05.2026 9.3
CVE-2025-41275 29.05.2026 9.3
CVE-2025-41276 29.05.2026 9.3
CVE-2025-41277 29.05.2026 9.3
CVE-2026-9559 29.05.2026 9.9
CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key 29.05.2026 10
CVE-2026-9558 29.05.2026 9.9
CVE-2026-49197 Predator Connect W6x: Improper Authentication 29.05.2026 10
CVE-2026-49199 Predator Connect W6x: RCE via MQTT 29.05.2026 10
CVE-2026-49200 Acer Wave 7 router: Broken Access Control 29.05.2026 10
CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification 29.05.2026 9.8
CVE-2026-8732 WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action 29.05.2026 9.8
CVE-2026-8809 Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter 29.05.2026 9.8
CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE 01.06.2026 9.4
CVE-2026-44849 Portainer: Endpoint security bypass via Swarm service create/update 29.05.2026 9.4
CVE-2026-34311 29.05.2026 9.8
CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter 30.05.2026 9.8
CVE-2026-46775 29.05.2026 9.9
CVE-2026-46817 29.05.2026 9.8
CVE-2026-46819 29.05.2026 9.1
CVE-2026-46822 29.05.2026 9.9
CVE-2026-46824 29.05.2026 9.9
CVE-2026-46833 29.05.2026 9
CVE-2026-46839 29.05.2026 9.9
CVE-2026-46840 29.05.2026 10
CVE-2026-9645 ScadaBR Authenticated Remote Code Execution 29.05.2026 9.9
CVE-2026-9037 Download of code without integrity check in XCharge C6 29.05.2026 9.3
CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation 30.05.2026 9.8
CVE-2026-43898 SandboxJS: Sandbox escape via Function.caller leakage of internal call op 28.05.2026 10
CVE-2026-45058 electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark 30.05.2026 9.4
CVE-2026-45311 CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval 01.06.2026 9.6
CVE-2026-45353 electerm: Local code through electerm's single-instance socket 28.05.2026 9.3
CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files 30.05.2026 9.6

Latest Updates

CVE Title Updated Score
CVE-2026-10813 LMCache KV Cache utils.py hex_hash_to_int16 weak hash 04.06.2026
CVE-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash 04.06.2026
CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization 04.06.2026
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification 04.06.2026
CVE-2026-36182 04.06.2026
CVE-2026-38570 04.06.2026
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body 04.06.2026 5.4
CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length 04.06.2026 5.3
CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input 04.06.2026 8.9
CVE-2026-43985 Tautulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeover 04.06.2026 8.8
CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay 04.06.2026 9.9
CVE-2026-44393 04.06.2026
CVE-2026-45287 OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse 04.06.2026
CVE-2026-5228 Improper Access Control in Kurt Software Studio's WriteUp Mobile App 04.06.2026 8.8
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory 04.06.2026
CVE-2026-10811 itsourcecode Fees Management System receipt.php sql injection 04.06.2026
CVE-2026-10812 zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash 04.06.2026
CVE-2026-10860 MISP CRUDComponent delete validation bypass via operator precedence error 04.06.2026
CVE-2026-10863 MISP User-controlled order parameter in correlations over-correlation endpoint 04.06.2026
CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data 04.06.2026
CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability 04.06.2026 7.5
CVE-2026-35904 04.06.2026
CVE-2026-35905 04.06.2026
CVE-2026-35906 04.06.2026
CVE-2026-36174 04.06.2026
CVE-2026-36175 04.06.2026
CVE-2026-36176 04.06.2026
CVE-2026-36178 04.06.2026
CVE-2026-36180 04.06.2026
CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory 04.06.2026
CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs 04.06.2026 3.1
CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS 04.06.2026 5.3
CVE-2026-47707 Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification 04.06.2026 5.3
CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit 04.06.2026
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download 04.06.2026
CVE-2019-25728 Care2x 2.7 Hospital Information System SQL Injection via ck_config 04.06.2026
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie 04.06.2026
CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id 04.06.2026
CVE-2019-25731 Zuz Music 2.1 Persistent Cross-site Scripting via zuzconsole Contact 04.06.2026
CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter 04.06.2026
CVE-2019-25733 NetShareWatcher 1.5.8.0 SEH Buffer Overflow 04.06.2026
CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion 04.06.2026
CVE-2019-25735 AllPlayer 7.4 Local Buffer Overflow via SEH Unicode 04.06.2026
CVE-2019-25736 LabF nfsAxe 3.7 Ping Client Buffer Overflow 04.06.2026
CVE-2019-25737 Live Chat Unlimited 2.8.3 Stored Cross-Site Scripting 04.06.2026
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change 04.06.2026
CVE-2019-25739 GigToDo Freelance Marketplace Script 1.3 Persistent XSS 04.06.2026
CVE-2019-25740 Joomla com_jsjobs 1.2.6 Arbitrary File Deletion 04.06.2026
CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File 04.06.2026
CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS 04.06.2026
CVE-2019-25743 WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting 04.06.2026
CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting 04.06.2026
CVE-2019-25745 WordPress Plugin Google Review Slider 6.1 SQL Injection via tid 04.06.2026
CVE-2025-46638 04.06.2026 7.5
CVE-2025-59874 HCL Hive Telco Observability is affected by Required directives missing from the CSP. 04.06.2026 8.1
CVE-2025-62338 The HCL BigFix Cloud Lifecycle Management is affected by Lack of Input Validation. 04.06.2026 3.3
CVE-2026-10806 mjperpinosa stumasy add_post.php unrestricted upload 04.06.2026
CVE-2026-10807 mjperpinosa stumasy change_profile_image.php unrestricted upload 04.06.2026
CVE-2026-10808 itsourcecode Fees Management System manage_student.php sql injection 04.06.2026
CVE-2026-10809 itsourcecode Fees Management System manage_user.php sql injection 04.06.2026
CVE-2026-10810 itsourcecode Fees Management System navbar.php cross site scripting 04.06.2026
CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation 04.06.2026
CVE-2026-10855 MISP Event template importer authorization bypass 04.06.2026
CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling 04.06.2026
CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url 04.06.2026
CVE-2026-40605 Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API 04.06.2026
CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting 04.06.2026
CVE-2026-45433 Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models 04.06.2026
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF 04.06.2026 9.6
CVE-2026-8762 04.06.2026
CVE-2025-12694 Local Privilege Escalation in VPN Client 04.06.2026
CVE-2025-52606 HCL iControl was affected by Weak Input Validation vulnerability. 04.06.2026 4.3
CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability. 04.06.2026 3.1
CVE-2025-52609 HCL iControl was affected by Missing Security Headers vulnerability. 04.06.2026 3.7
CVE-2025-52611 HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability 04.06.2026 3.1
CVE-2025-52612 HCL iControl was affected by Export CSV - CSV Injection vulnerability. 04.06.2026 7.1
CVE-2026-10802 keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption 04.06.2026
CVE-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash 04.06.2026
CVE-2026-10804 Streamlit Palette hashing.py weak hash 04.06.2026
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources 04.06.2026
CVE-2026-10843 Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws 04.06.2026
CVE-2026-45431 Command Injection Vulnerability in GX Earth ONT Models 04.06.2026
CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models 04.06.2026
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass 04.06.2026 9.8
CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash 04.06.2026
CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability 04.06.2026 5.3
CVE-2026-10305 04.06.2026 6.1
CVE-2026-10800 PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash 04.06.2026
CVE-2026-47306 04.06.2026 6.1
CVE-2026-47318 04.06.2026 6.1
CVE-2026-47319 04.06.2026 6.1
CVE-2026-47320 04.06.2026 6.1
CVE-2026-49510 04.06.2026 6.1
CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability 04.06.2026 7.6
CVE-2026-4881 04.06.2026
CVE-2026-50214 Shared Secret Quota Inflation 04.06.2026
CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure 04.06.2026
CVE-2026-50225 Account Creation Exhaustion 04.06.2026
CVE-2026-50226 Firmware Theft & IMEI Spoofing via Connect-OTA 04.06.2026
CVE-2026-8916 04.06.2026 6.1
CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability 04.06.2026 7.2
CVE-2026-50207 Local Modem Manipulation via Binder Interfaces 04.06.2026
CVE-2026-50208 Permissive TrustAllCerts TLS Verification 04.06.2026
CVE-2026-50209 MDM Server Registration Overriding 04.06.2026
CVE-2026-50210 Weak Static Cryptographic Initialization Vectors 04.06.2026
CVE-2026-50211 Exposed Factory Testing App Boundaries 04.06.2026
CVE-2026-50212 Arbitrary Remote Device Unbinding 04.06.2026
CVE-2026-50213 Bulk User Private Data Harvesting 04.06.2026
CVE-2026-49190 Missing Per-Instruction Authorization Checks 04.06.2026
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key 04.06.2026
CVE-2026-49192 Summary Service Insecure Direct Object Reference 04.06.2026
CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets 04.06.2026
CVE-2026-49194 SCREEN_CLICK Authentication Bypass 04.06.2026
CVE-2026-49202 Unverified Meeting Recording Endpoints & Permissive CORS 04.06.2026
CVE-2026-49203 Unauthenticated eSIM Configuration Manipulation 04.06.2026
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts 04.06.2026
CVE-2026-50205 Plaintext Log Credential Leakage 04.06.2026
CVE-2026-50206 VPN Command Injection Vulnerability 04.06.2026
CVE-2026-10805 Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend 04.06.2026
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters 04.06.2026
CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets 04.06.2026
CVE-2026-49189 Broadcast Receiver Privilege Escalation 04.06.2026
CVE-2026-50219 04.06.2026 4.9
CVE-2026-41010 04.06.2026
CVE-2026-41283 04.06.2026 9.9
CVE-2026-44917 04.06.2026 4.9
CVE-2026-48681 04.06.2026 5.9
CVE-2026-49185 Instruction Injection via FieldX MDM 04.06.2026
CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists 04.06.2026
CVE-2026-10597 ITPison|OMICARD EDM - Insecure Direct Object Reference 04.06.2026
CVE-2026-41011 04.06.2026
CVE-2026-41858 04.06.2026 6.5
CVE-2026-41859 04.06.2026
CVE-2026-41860 04.06.2026
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities 04.06.2026
CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function 04.06.2026 7.5
CVE-2026-7764 Out-of-bounds read in morse.ko Vendor IE processing 04.06.2026
CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter 04.06.2026 6.5
CVE-2026-8722 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections 03.06.2026
CVE-2026-10783 gradio-app gradio Audio Cache Key save_audio_to_cache weak hash 04.06.2026
CVE-2026-10775 sgl-project SGLang Cache data_hash denial of service 04.06.2026
CVE-2026-10777 ealpha072 Student-Management-System Administrative Backend config.php improper authentication 04.06.2026
CVE-2026-2596 03.06.2026
CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery 04.06.2026
CVE-2026-22054 04.06.2026
CVE-2026-22055 04.06.2026
CVE-2026-46447 04.06.2026 5.8
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash 04.06.2026
CVE-2026-26824 04.06.2026
CVE-2026-26825 03.06.2026
CVE-2026-37700 03.06.2026
CVE-2026-40495 FOSSBilling version exposed via asset cache buster 04.06.2026
CVE-2026-42061 04.06.2026
CVE-2026-43924 FOSSBilling has an open redirect via administrator-configured redirect targets 04.06.2026
CVE-2026-44609 04.06.2026
CVE-2026-44682 04.06.2026
CVE-2026-50033 04.06.2026
CVE-2026-26378 04.06.2026
CVE-2026-26379 04.06.2026
CVE-2026-42839 ERPNext 16.16.0 - Stored XSS in POS cart item rendering 03.06.2026
CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals 03.06.2026
CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery 03.06.2026 4.7
CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic 04.06.2026 4.4
CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. 03.06.2026
CVE-2026-8874 CVE-2026-8874 04.06.2026
CVE-2026-8876 CVE-2026-8876 04.06.2026
CVE-2026-8878 CVE-2026-8878 04.06.2026
CVE-2026-8879 CVE-2026-8879 04.06.2026
CVE-2026-8881 CVE-2026-8881 03.06.2026
CVE-2026-8888 CVE-2026-8888 03.06.2026
CVE-2026-8889 CVE-2026-8889 03.06.2026
CVE-2026-36460 03.06.2026
CVE-2026-39107 03.06.2026