| CVE-2024-47477 |
|
17.06.2026 |
6.5 |
| CVE-2026-10850 |
Plane 1.3.1 - Stored XSS in intake issue description_html |
17.06.2026 |
|
| CVE-2026-11311 |
NGINX Gateway Fabric vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-12528 |
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt() |
17.06.2026 |
|
| CVE-2026-22283 |
|
17.06.2026 |
7.5 |
| CVE-2026-32804 |
|
17.06.2026 |
8.1 |
| CVE-2026-35065 |
|
17.06.2026 |
8.8 |
| CVE-2026-35066 |
|
17.06.2026 |
7.1 |
| CVE-2026-35067 |
|
17.06.2026 |
5.7 |
| CVE-2026-35162 |
|
17.06.2026 |
4.3 |
| CVE-2026-40641 |
|
17.06.2026 |
4.8 |
| CVE-2026-42055 |
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-42530 |
NGINX Open-Source ngx_http_v3_module vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-47103 |
Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection |
17.06.2026 |
|
| CVE-2026-48117 |
DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover |
17.06.2026 |
6.8 |
| CVE-2026-48142 |
NGINX ngx_http_charset_module vulnerability |
17.06.2026 |
4.8 |
| CVE-2026-49502 |
|
17.06.2026 |
7.4 |
| CVE-2026-54415 |
Broken Access Control in Azuriom CMS Server Routes Allows Account Takeover |
17.06.2026 |
8.1 |
| CVE-2026-54810 |
WordPress Nexi XPay plugin <= 8.3.1 - Broken Access Control vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-54812 |
WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-55743 |
OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution |
17.06.2026 |
9.6 |
| CVE-2026-55748 |
|
17.06.2026 |
6 |
| CVE-2025-15657 |
WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability |
17.06.2026 |
5.3 |
| CVE-2025-59554 |
WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2025-60229 |
WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-60230 |
WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-60231 |
WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-60236 |
WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-66391 |
|
17.06.2026 |
|
| CVE-2025-68524 |
WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-69106 |
WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69111 |
WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-69115 |
WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69120 |
WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69123 |
WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69126 |
WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69127 |
WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-69128 |
WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability |
17.06.2026 |
8.6 |
| CVE-2025-69130 |
WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability |
17.06.2026 |
8.8 |
| CVE-2025-69140 |
WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-69144 |
WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69157 |
WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69158 |
WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69164 |
WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69166 |
WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69170 |
WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69174 |
WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69175 |
WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69189 |
WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability |
17.06.2026 |
7.3 |
| CVE-2026-10641 |
Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values) |
17.06.2026 |
7.1 |
| CVE-2026-39442 |
WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39445 |
WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39523 |
WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39556 |
WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39559 |
WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39560 |
WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39576 |
WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39590 |
WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40720 |
WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-40733 |
WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40738 |
WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40752 |
WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40756 |
WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40757 |
WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-49108 |
WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-49268 |
Apache Shiro: LDAP DN Injection in DefaultLdapRealm |
17.06.2026 |
|
| CVE-2026-52707 |
WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-52716 |
WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-54193 |
WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability |
17.06.2026 |
7.7 |
| CVE-2026-54417 |
Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS |
17.06.2026 |
7.5 |
| CVE-2026-54808 |
WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-54809 |
WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-54813 |
WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-54814 |
WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-54815 |
WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-54816 |
WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-54817 |
WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-54818 |
WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-54819 |
WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-55738 |
Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field |
17.06.2026 |
8.8 |
| CVE-2026-9591 |
Cross-Site Request Forgery (CSRF) in SimplCommerce News Module |
17.06.2026 |
|
| CVE-2024-24709 |
WordPress Shareaholic plugin <= 9.7.11 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2024-31435 |
WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.6 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2024-32729 |
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability |
17.06.2026 |
7.5 |
| CVE-2024-32949 |
WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability |
17.06.2026 |
8.3 |
| CVE-2024-33685 |
WordPress Startupzy theme <= 1.1.1 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2024-33909 |
WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability |
17.06.2026 |
5.3 |
| CVE-2024-35648 |
WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability |
17.06.2026 |
4.3 |
| CVE-2024-35690 |
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability |
17.06.2026 |
6.5 |
| CVE-2024-37210 |
WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability |
17.06.2026 |
6.5 |
| CVE-2024-37496 |
WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulnerability |
17.06.2026 |
4.3 |
| CVE-2025-31013 |
WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-59872 |
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, |
17.06.2026 |
4.3 |
| CVE-2025-62340 |
HCL iControl was affected by Inadequate Session Timeout vulnerability |
17.06.2026 |
3.1 |
| CVE-2026-10836 |
Improper neutralization of HTTP headers in Password Manager |
17.06.2026 |
|
| CVE-2026-10837 |
Open redirection vulnerability in Password Manager |
17.06.2026 |
|
| CVE-2026-10839 |
Open redirection vulnerability in Password Manager |
17.06.2026 |
|
| CVE-2026-11857 |
Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation |
17.06.2026 |
|
| CVE-2026-11858 |
Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM |
17.06.2026 |
|
| CVE-2026-11975 |
Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface |
17.06.2026 |
|
| CVE-2024-34810 |
WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability |
17.06.2026 |
4.3 |
| CVE-2024-49269 |
WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2024-52488 |
WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability |
17.06.2026 |
9.9 |
| CVE-2025-49403 |
WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability |
17.06.2026 |
7.5 |
| CVE-2025-58952 |
WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-58953 |
WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-58954 |
WordPress HomeRoofer theme <= 2.11.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-59560 |
WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-59563 |
WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability |
17.06.2026 |
8.8 |
| CVE-2025-60205 |
WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-60218 |
WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability |
17.06.2026 |
9.9 |
| CVE-2025-60223 |
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability |
17.06.2026 |
7.7 |
| CVE-2025-69110 |
WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69117 |
WordPress Ingenioso theme <= 1.14.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69129 |
WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability |
17.06.2026 |
10 |
| CVE-2025-69135 |
WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2025-69138 |
WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability |
17.06.2026 |
8.8 |
| CVE-2025-69145 |
WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69148 |
WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69161 |
WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69171 |
WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69172 |
WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69173 |
WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69179 |
WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-12491 |
Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations |
17.06.2026 |
|
| CVE-2026-22325 |
WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-22326 |
WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-22327 |
WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-22328 |
WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-22329 |
WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-22330 |
WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-22331 |
WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-22332 |
WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-22334 |
WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-22335 |
WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-22338 |
WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-22339 |
WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-22340 |
WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-22342 |
WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability |
17.06.2026 |
8.8 |
| CVE-2026-22343 |
WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability |
17.06.2026 |
8.6 |
| CVE-2026-24575 |
WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2026-24610 |
WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2026-24611 |
WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability |
17.06.2026 |
9.1 |
| CVE-2026-25439 |
WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-25446 |
WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-27041 |
WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-27400 |
WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability |
17.06.2026 |
8.6 |
| CVE-2026-27410 |
WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-34888 |
WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-39537 |
WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39545 |
WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39546 |
WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability |
17.06.2026 |
7.6 |
| CVE-2026-39558 |
WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39573 |
WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39582 |
WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39589 |
WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-39595 |
WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability |
17.06.2026 |
4.7 |
| CVE-2026-39596 |
WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-39597 |
WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-40721 |
WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-40723 |
WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability |
17.06.2026 |
4.3 |
| CVE-2026-40724 |
WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-40725 |
WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-40726 |
WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability |
17.06.2026 |
8.2 |
| CVE-2026-40731 |
WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40735 |
WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40746 |
WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-40747 |
WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-40748 |
WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-40749 |
WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-40753 |
WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40765 |
WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-40768 |
WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability |
17.06.2026 |
7.3 |
| CVE-2026-40783 |
WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability |
17.06.2026 |
9.9 |
| CVE-2026-41557 |
WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-42380 |
WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-42385 |
WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-42629 |
WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability |
17.06.2026 |
8.8 |
| CVE-2026-45436 |
WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-48875 |
WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-48967 |
WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-49058 |
WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-49071 |
WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-49072 |
WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-49074 |
WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-49075 |
WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-49076 |
WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-49079 |
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-49081 |
WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability |
17.06.2026 |
8.2 |
| CVE-2026-49084 |
WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-49107 |
WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-49767 |
WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-49778 |
WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-52696 |
WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-52698 |
WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability |
17.06.2026 |
7.4 |
| CVE-2026-52705 |
WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability |
17.06.2026 |
9 |
| CVE-2026-52706 |
WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-54184 |
WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability |
17.06.2026 |
8.2 |
| CVE-2026-54185 |
WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-54186 |
WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-54187 |
WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-54188 |
WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-54189 |
WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-54192 |
WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-54195 |
WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-54196 |
WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability |
17.06.2026 |
6.8 |
| CVE-2026-54802 |
WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-54803 |
WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-54804 |
WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability |
17.06.2026 |
7.6 |
| CVE-2026-54805 |
WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability |
17.06.2026 |
8.8 |
| CVE-2026-54806 |
WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-54807 |
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-54811 |
WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-5667 |
Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances |
17.06.2026 |
|
| CVE-2026-9690 |
WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-12115 |
Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import |
17.06.2026 |
6.6 |
| CVE-2026-12165 |
Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter |
17.06.2026 |
8.8 |
| CVE-2026-27868 |
PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT |
17.06.2026 |
|
| CVE-2026-27869 |
WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT |
17.06.2026 |
|
| CVE-2026-27870 |
CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT |
17.06.2026 |
|
| CVE-2026-32966 |
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure |
17.06.2026 |
|
| CVE-2026-32967 |
Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks |
17.06.2026 |
|
| CVE-2026-40722 |
WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability |
17.06.2026 |
5.5 |
| CVE-2026-41280 |
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects |
17.06.2026 |
|
| CVE-2026-42357 |
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. |
17.06.2026 |
|
| CVE-2026-47340 |
Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access. |
17.06.2026 |
|
| CVE-2026-0063 |
|
17.06.2026 |
|
| CVE-2026-0064 |
|
17.06.2026 |
|
| CVE-2026-0068 |
|
17.06.2026 |
|
| CVE-2026-0071 |
|
17.06.2026 |
|
| CVE-2026-0081 |
|
17.06.2026 |
|
| CVE-2026-0082 |
|
17.06.2026 |
|
| CVE-2026-0083 |
|
17.06.2026 |
|
| CVE-2026-0092 |
|
17.06.2026 |
|
| CVE-2026-10094 |
Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 |
17.06.2026 |
9.8 |
| CVE-2026-12199 |
Unauthenticated Denial of Service in nltk.app.wordnet_app |
17.06.2026 |
|
| CVE-2026-28575 |
|
17.06.2026 |
|
| CVE-2026-28576 |
|
17.06.2026 |
|
| CVE-2026-28587 |
|
17.06.2026 |
|
| CVE-2026-28615 |
|
17.06.2026 |
|
| CVE-2026-7850 |
WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute |
17.06.2026 |
|
| CVE-2026-8089 |
weMail < 2.1.3 - Reflected Cross-Site Scripting |
17.06.2026 |
|
| CVE-2026-8383 |
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API |
17.06.2026 |
|
| CVE-2026-8494 |
Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title |
17.06.2026 |
6.4 |
| CVE-2026-8607 |
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute |
17.06.2026 |
6.4 |
| CVE-2026-9570 |
Taskbuilder < 5.0.8 - Reflected XSS via Shortcode |
17.06.2026 |
|
| CVE-2025-48571 |
|
17.06.2026 |
|
| CVE-2025-48617 |
|
17.06.2026 |
|
| CVE-2025-48640 |
|
17.06.2026 |
|
| CVE-2025-48643 |
|
17.06.2026 |
|
| CVE-2026-0019 |
|
17.06.2026 |
|
| CVE-2026-0057 |
|
17.06.2026 |
|
| CVE-2026-12360 |
JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint |
17.06.2026 |
7.5 |
| CVE-2026-53876 |
|
17.06.2026 |
|
| CVE-2025-15641 |
Netskope Client Exposed IOCTL with Insufficient Access Controls |
17.06.2026 |
|
| CVE-2025-15642 |
Netskope Client Service Insufficient Access Controls |
17.06.2026 |
|
| CVE-2026-12437 |
|
17.06.2026 |
|
| CVE-2026-12438 |
|
17.06.2026 |
|
| CVE-2026-12439 |
|
17.06.2026 |
|
| CVE-2026-12440 |
|
17.06.2026 |
|
| CVE-2026-12441 |
|
17.06.2026 |
|
| CVE-2026-12442 |
|
17.06.2026 |
|
| CVE-2026-12443 |
|
17.06.2026 |
|
| CVE-2026-12444 |
|
17.06.2026 |
|
| CVE-2026-12445 |
|
17.06.2026 |
|
| CVE-2026-12446 |
|
17.06.2026 |
|
| CVE-2026-12447 |
|
17.06.2026 |
|
| CVE-2026-12448 |
|
17.06.2026 |
|
| CVE-2026-12449 |
|
17.06.2026 |
|
| CVE-2026-12450 |
|
17.06.2026 |
|
| CVE-2026-12451 |
|
17.06.2026 |
|
| CVE-2026-12452 |
|
17.06.2026 |
|
| CVE-2026-12453 |
|
17.06.2026 |
|
| CVE-2026-12454 |
|
17.06.2026 |
|
| CVE-2026-12455 |
|
17.06.2026 |
|
| CVE-2026-12456 |
|
17.06.2026 |
|
| CVE-2026-12457 |
|
17.06.2026 |
|
| CVE-2026-12458 |
|
17.06.2026 |
|
| CVE-2026-12459 |
|
17.06.2026 |
|
| CVE-2026-12460 |
|
17.06.2026 |
|
| CVE-2026-12461 |
|
17.06.2026 |
|
| CVE-2026-12462 |
|
17.06.2026 |
|
| CVE-2026-12463 |
|
17.06.2026 |
|
| CVE-2026-12464 |
|
17.06.2026 |
|
| CVE-2026-12465 |
|
17.06.2026 |
|
| CVE-2026-12466 |
|
17.06.2026 |
|
| CVE-2026-12467 |
|
17.06.2026 |
|
| CVE-2026-12468 |
|
17.06.2026 |
|
| CVE-2026-12469 |
|
17.06.2026 |
|
| CVE-2026-50203 |
Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names |
17.06.2026 |
|
| CVE-2026-55706 |
|
17.06.2026 |
5.8 |
| CVE-2026-44587 |
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters |
16.06.2026 |
4.7 |
| CVE-2026-48797 |
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication |
16.06.2026 |
|
| CVE-2026-48616 |
|
16.06.2026 |
|
| CVE-2026-48782 |
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678) |
17.06.2026 |
6.8 |
| CVE-2026-48788 |
Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing |
17.06.2026 |
|
| CVE-2026-48929 |
|
16.06.2026 |
|
| CVE-2026-48745 |
Traccar Client: silent configuration hijack via unverified deep link redirects all GPS telemetry |
17.06.2026 |
9.3 |
| CVE-2026-8317 |
|
16.06.2026 |
|
| CVE-2025-58924 |
WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-60085 |
WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69103 |
WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability |
17.06.2026 |
7.5 |
| CVE-2025-69104 |
WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-69105 |
WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69107 |
WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69108 |
WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-69109 |
WordPress Raider Spirit theme <= 1.1.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69112 |
WordPress Planty theme <= 1.14.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69113 |
WordPress Nexio theme <= 1.10.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69114 |
WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69116 |
WordPress Iona theme <= 1.0.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69118 |
WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69119 |
WordPress Corbesier theme <= 1.15.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69121 |
WordPress Deliciosa theme <= 1.10.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69122 |
WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2025-69124 |
WordPress Especio theme <= 1.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69125 |
WordPress Food Drop theme <= 1.3 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69131 |
WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability |
17.06.2026 |
7.5 |
| CVE-2025-69136 |
WordPress Wanium theme <= 1.9.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69137 |
WordPress Genemy theme <= 1.6.6 - Broken Access Control vulnerability |
17.06.2026 |
6.5 |
| CVE-2025-69139 |
WordPress Car Zone theme <= 3.7 - Arbitrary File Deletion vulnerability |
17.06.2026 |
8.6 |
| CVE-2025-69141 |
WordPress Kelly Young theme <= 1.1.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69142 |
WordPress Abelle theme <= 1.22 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69143 |
WordPress Mission theme <= 1.22 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69146 |
WordPress Dom theme <= 1.24 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69147 |
WordPress Putter theme <= 1.17 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69149 |
WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69150 |
WordPress Medeus theme <= 1.14 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69151 |
WordPress Grand Car Rental theme <= 3.7 - Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2025-69159 |
WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69160 |
WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69162 |
WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69163 |
WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69165 |
WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69167 |
WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69168 |
WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69176 |
WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69177 |
WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2025-69178 |
WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-11409 |
OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N |
17.06.2026 |
|
| CVE-2026-11410 |
OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N |
17.06.2026 |
|
| CVE-2026-12256 |
WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability |
17.06.2026 |
8.8 |
| CVE-2026-25470 |
WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability |
17.06.2026 |
10 |
| CVE-2026-27395 |
WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-27429 |
WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-2604 |
Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling |
17.06.2026 |
|
| CVE-2026-34893 |
WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-34894 |
WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-34895 |
WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39433 |
WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability |
17.06.2026 |
6.5 |
| CVE-2026-39438 |
WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-39443 |
WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39446 |
WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39522 |
WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39529 |
WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-39539 |
WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39547 |
WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39548 |
WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-39549 |
WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39554 |
WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39557 |
WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39567 |
WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39568 |
WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39577 |
WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39578 |
WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39580 |
WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-39598 |
WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability |
17.06.2026 |
8 |
| CVE-2026-40736 |
WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40739 |
WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40751 |
WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40754 |
WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40755 |
WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40758 |
WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40759 |
WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40760 |
WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-40761 |
WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability |
17.06.2026 |
8.1 |
| CVE-2026-47277 |
Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks |
17.06.2026 |
6.5 |
| CVE-2026-48055 |
Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction |
17.06.2026 |
10 |
| CVE-2026-48779 |
ws: Memory exhaustion DoS from tiny fragments and data chunks |
16.06.2026 |
7.5 |
| CVE-2026-48781 |
Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery |
16.06.2026 |
9.9 |
| CVE-2026-48783 |
Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription |
17.06.2026 |
4.8 |
| CVE-2026-48869 |
WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
17.06.2026 |
7.1 |
| CVE-2026-49057 |
WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability |
17.06.2026 |
7.5 |
| CVE-2026-49073 |
WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-49080 |
WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability |
17.06.2026 |
9.3 |
| CVE-2026-49113 |
WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability |
17.06.2026 |
8.5 |
| CVE-2026-54194 |
WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability |
17.06.2026 |
9.8 |
| CVE-2026-12348 |
Address Bar Spoofing in Arc Search for Android (window.open race condition) |
16.06.2026 |
7.4 |
| CVE-2026-35258 |
|
17.06.2026 |
8.7 |
| CVE-2026-35259 |
|
17.06.2026 |
8.8 |
| CVE-2026-35261 |
|
17.06.2026 |
6.5 |
| CVE-2026-35262 |
|
17.06.2026 |
8.3 |
| CVE-2026-35263 |
|
17.06.2026 |
9.9 |
| CVE-2026-35265 |
|
17.06.2026 |
8.8 |
| CVE-2026-35267 |
|
17.06.2026 |
8.8 |
| CVE-2026-35268 |
|
17.06.2026 |
9.9 |
| CVE-2026-35269 |
|
17.06.2026 |
7.5 |
| CVE-2026-35270 |
|
17.06.2026 |
9.1 |
| CVE-2026-35271 |
|
17.06.2026 |
8.7 |
| CVE-2026-35272 |
|
17.06.2026 |
8.4 |
| CVE-2026-35274 |
|
17.06.2026 |
8.2 |
| CVE-2026-35275 |
|
17.06.2026 |
7.5 |
| CVE-2026-35276 |
|
17.06.2026 |
8.1 |
| CVE-2026-35278 |
|
17.06.2026 |
9.8 |
| CVE-2026-35279 |
|
17.06.2026 |
8.1 |
| CVE-2026-35280 |
|
17.06.2026 |
9.9 |
| CVE-2026-35281 |
|
17.06.2026 |
9.9 |
| CVE-2026-35282 |
|
17.06.2026 |
9.9 |
| CVE-2026-35283 |
|
17.06.2026 |
9.9 |
| CVE-2026-35284 |
|
17.06.2026 |
9.9 |
| CVE-2026-35285 |
|
17.06.2026 |
9.9 |
| CVE-2026-35286 |
|
17.06.2026 |
9.8 |
| CVE-2026-35288 |
|
17.06.2026 |
8.2 |
| CVE-2026-35289 |
|
17.06.2026 |
8.1 |
| CVE-2026-35291 |
|
17.06.2026 |
6.6 |
| CVE-2026-35292 |
|
17.06.2026 |
10 |
| CVE-2026-35293 |
|
17.06.2026 |
9.8 |
| CVE-2026-35294 |
|
17.06.2026 |
9.9 |
| CVE-2026-35295 |
|
17.06.2026 |
7.5 |
| CVE-2026-35296 |
|
17.06.2026 |
9.8 |
| CVE-2026-35298 |
|
17.06.2026 |
9.1 |
| CVE-2026-35299 |
|
17.06.2026 |
8.8 |
| CVE-2026-35300 |
|
17.06.2026 |
9.8 |
| CVE-2026-35301 |
|
17.06.2026 |
10 |
| CVE-2026-35302 |
|
17.06.2026 |
8.3 |
| CVE-2026-35303 |
|
17.06.2026 |
8.8 |
| CVE-2026-35304 |
|
17.06.2026 |
9.8 |
| CVE-2026-35305 |
|
17.06.2026 |
9.3 |
| CVE-2026-35306 |
|
16.06.2026 |
9.3 |
| CVE-2026-35307 |
|
16.06.2026 |
10 |
| CVE-2026-35308 |
|
16.06.2026 |
10 |
| CVE-2026-35309 |
|
16.06.2026 |
9.8 |
| CVE-2026-35310 |
|
16.06.2026 |
9.8 |
| CVE-2026-35311 |
|
16.06.2026 |
8.8 |
| CVE-2026-35312 |
|
16.06.2026 |
9.8 |
| CVE-2026-35313 |
|
16.06.2026 |
9.9 |
| CVE-2026-35314 |
|
16.06.2026 |
7.3 |
| CVE-2026-35315 |
|
16.06.2026 |
8.8 |
| CVE-2026-35316 |
|
16.06.2026 |
9.9 |
| CVE-2026-35317 |
|
16.06.2026 |
8.8 |
| CVE-2026-35318 |
|
16.06.2026 |
8.8 |
| CVE-2026-35319 |
|
16.06.2026 |
9.8 |
| CVE-2026-35320 |
|
16.06.2026 |
9 |
| CVE-2026-35321 |
|
16.06.2026 |
9.9 |
| CVE-2026-35322 |
|
16.06.2026 |
8.8 |
| CVE-2026-35323 |
|
16.06.2026 |
9.9 |
| CVE-2026-35324 |
|
16.06.2026 |
8.8 |
| CVE-2026-35325 |
|
16.06.2026 |
8.8 |
| CVE-2026-35326 |
|
16.06.2026 |
7.2 |
| CVE-2026-35327 |
|
16.06.2026 |
7.6 |
| CVE-2026-46765 |
|
16.06.2026 |
9.9 |
| CVE-2026-46766 |
|
16.06.2026 |
9.8 |
| CVE-2026-46767 |
|
16.06.2026 |
9.9 |
| CVE-2026-46768 |
|
16.06.2026 |
6 |
| CVE-2026-46769 |
|
16.06.2026 |
7.2 |
| CVE-2026-46770 |
|
16.06.2026 |
6.1 |
| CVE-2026-46771 |
|
16.06.2026 |
4.1 |
| CVE-2026-46772 |
|
16.06.2026 |
4.7 |
| CVE-2026-46773 |
|
16.06.2026 |
9.8 |
| CVE-2026-46774 |
|
16.06.2026 |
9.8 |
| CVE-2026-46776 |
|
16.06.2026 |
8.6 |
| CVE-2026-46777 |
|
16.06.2026 |
9.1 |
| CVE-2026-46778 |
|
16.06.2026 |
10 |
| CVE-2026-46779 |
|
16.06.2026 |
9.9 |
| CVE-2026-46780 |
|
16.06.2026 |
8.8 |
| CVE-2026-46781 |
|
16.06.2026 |
10 |
| CVE-2026-46782 |
|
16.06.2026 |
9.9 |
| CVE-2026-46783 |
|
16.06.2026 |
9.8 |
| CVE-2026-46784 |
|
17.06.2026 |
9.1 |
| CVE-2026-46785 |
|
17.06.2026 |
9.3 |
| CVE-2026-46786 |
|
17.06.2026 |
9.6 |
| CVE-2026-46787 |
|
17.06.2026 |
8 |
| CVE-2026-46788 |
|
17.06.2026 |
8.4 |
| CVE-2026-46789 |
|
17.06.2026 |
9.6 |
| CVE-2026-46790 |
|
17.06.2026 |
5.3 |
| CVE-2026-46791 |
|
17.06.2026 |
7.5 |
| CVE-2026-46792 |
|
17.06.2026 |
9.9 |
| CVE-2026-46793 |
|
17.06.2026 |
9.9 |
| CVE-2026-46794 |
|
17.06.2026 |
9.9 |
| CVE-2026-46795 |
|
17.06.2026 |
9.3 |
| CVE-2026-46796 |
|
16.06.2026 |
8 |
| CVE-2026-46797 |
|
16.06.2026 |
9.8 |
| CVE-2026-46798 |
|
16.06.2026 |
10 |
| CVE-2026-46799 |
|
16.06.2026 |
9.8 |
| CVE-2026-46800 |
|
16.06.2026 |
10 |
| CVE-2026-46801 |
|
16.06.2026 |
9.8 |
| CVE-2026-46802 |
|
16.06.2026 |
9.9 |
| CVE-2026-46803 |
|
16.06.2026 |
10 |
| CVE-2026-46804 |
|
16.06.2026 |
8.7 |
| CVE-2026-46805 |
|
16.06.2026 |
9.3 |
| CVE-2026-46806 |
|
16.06.2026 |
8.2 |
| CVE-2026-46807 |
|
16.06.2026 |
9.8 |
| CVE-2026-46808 |
|
16.06.2026 |
8.7 |
| CVE-2026-46809 |
|
16.06.2026 |
9.1 |
| CVE-2026-46810 |
|
16.06.2026 |
6.5 |
| CVE-2026-46812 |
|
16.06.2026 |
6.1 |
| CVE-2026-46813 |
|
16.06.2026 |
9.8 |
| CVE-2026-46814 |
|
16.06.2026 |
9.9 |
| CVE-2026-46815 |
|
16.06.2026 |
3.2 |
| CVE-2026-46816 |
|
16.06.2026 |
3.2 |
| CVE-2026-46825 |
|
16.06.2026 |
6 |
| CVE-2026-46832 |
|
16.06.2026 |
9.9 |
| CVE-2026-46838 |
|
16.06.2026 |
9.9 |
| CVE-2026-46844 |
|
16.06.2026 |
9.9 |
| CVE-2026-46845 |
|
16.06.2026 |
9.8 |
| CVE-2026-46846 |
|
16.06.2026 |
10 |
| CVE-2026-46847 |
|
17.06.2026 |
9.9 |
| CVE-2026-46848 |
|
17.06.2026 |
7.9 |
| CVE-2026-46849 |
|
17.06.2026 |
8.1 |
| CVE-2026-46850 |
|
17.06.2026 |
9.9 |
| CVE-2026-46851 |
|
17.06.2026 |
8.1 |
| CVE-2026-46852 |
|
17.06.2026 |
9.9 |
| CVE-2026-46853 |
|
17.06.2026 |
9.6 |
| CVE-2026-46854 |
|
17.06.2026 |
9.9 |
| CVE-2026-46855 |
|
17.06.2026 |
9.9 |
| CVE-2026-46856 |
|
17.06.2026 |
9.6 |
| CVE-2026-46857 |
|
17.06.2026 |
9.8 |
| CVE-2026-46858 |
|
17.06.2026 |
9.1 |
| CVE-2026-46859 |
|
17.06.2026 |
9.8 |
| CVE-2026-46860 |
|
17.06.2026 |
9.8 |
| CVE-2026-46861 |
|
17.06.2026 |
9.6 |
| CVE-2026-46862 |
|
17.06.2026 |
7.5 |
| CVE-2026-46863 |
|
17.06.2026 |
7.5 |
| CVE-2026-46864 |
|
17.06.2026 |
8.8 |
| CVE-2026-46865 |
|
17.06.2026 |
8.2 |
| CVE-2026-46866 |
|
17.06.2026 |
8.2 |
| CVE-2026-46867 |
|
17.06.2026 |
7.2 |
| CVE-2026-46868 |
|
17.06.2026 |
7.2 |
| CVE-2026-46869 |
|
16.06.2026 |
6.5 |
| CVE-2026-46870 |
|
16.06.2026 |
8.5 |
| CVE-2026-46871 |
|
16.06.2026 |
6.5 |
| CVE-2026-46872 |
|
16.06.2026 |
9 |
| CVE-2026-46873 |
|
16.06.2026 |
7.5 |
| CVE-2026-46874 |
|
16.06.2026 |
3.2 |
| CVE-2026-46875 |
|
16.06.2026 |
9.1 |
| CVE-2026-46877 |
|
16.06.2026 |
6 |
| CVE-2026-46878 |
|
16.06.2026 |
9.8 |
| CVE-2026-46879 |
|
16.06.2026 |
9.8 |
| CVE-2026-46880 |
|
16.06.2026 |
9.8 |
| CVE-2026-46881 |
|
16.06.2026 |
9.8 |
| CVE-2026-46882 |
|
16.06.2026 |
9.8 |
| CVE-2026-46883 |
|
16.06.2026 |
9.8 |
| CVE-2026-46884 |
|
16.06.2026 |
9.8 |
| CVE-2026-46885 |
|
16.06.2026 |
8.8 |
| CVE-2026-46886 |
|
16.06.2026 |
8.8 |
| CVE-2026-46887 |
|
16.06.2026 |
9.8 |
| CVE-2026-46888 |
|
16.06.2026 |
7.8 |
| CVE-2026-46889 |
|
16.06.2026 |
9.8 |
| CVE-2026-46890 |
|
17.06.2026 |
9.8 |
| CVE-2026-46891 |
|
17.06.2026 |
8.1 |
| CVE-2026-46892 |
|
17.06.2026 |
9.1 |
| CVE-2026-46893 |
|
17.06.2026 |
9.9 |
| CVE-2026-46894 |
|
17.06.2026 |
8 |
| CVE-2026-46895 |
|
17.06.2026 |
9.9 |
| CVE-2026-46896 |
|
17.06.2026 |
9.1 |
| CVE-2026-46897 |
|
17.06.2026 |
9.9 |
| CVE-2026-46898 |
|
17.06.2026 |
8.1 |
| CVE-2026-46899 |
|
17.06.2026 |
9.6 |
| CVE-2026-46900 |
|
17.06.2026 |
9.9 |
| CVE-2026-46901 |
|
17.06.2026 |
9.9 |
| CVE-2026-46902 |
|
17.06.2026 |
9.8 |
| CVE-2026-46903 |
|
17.06.2026 |
8.8 |
| CVE-2026-46904 |
|
17.06.2026 |
9.8 |
| CVE-2026-46905 |
|
17.06.2026 |
9.8 |
| CVE-2026-46906 |
|
17.06.2026 |
9.6 |
| CVE-2026-46907 |
|
17.06.2026 |
9.9 |
| CVE-2026-46908 |
|
17.06.2026 |
9.9 |
| CVE-2026-46909 |
|
17.06.2026 |
9.8 |
| CVE-2026-46910 |
|
17.06.2026 |
9.1 |
| CVE-2026-46911 |
|
17.06.2026 |
9.6 |
| CVE-2026-46912 |
|
17.06.2026 |
9.3 |
| CVE-2026-46913 |
|
17.06.2026 |
9.3 |
| CVE-2026-46914 |
|
17.06.2026 |
7.1 |
| CVE-2026-46915 |
|
17.06.2026 |
8.5 |
| CVE-2026-46916 |
|
17.06.2026 |
8.8 |
| CVE-2026-46918 |
|
17.06.2026 |
9.9 |
| CVE-2026-46919 |
|
17.06.2026 |
9.8 |
| CVE-2026-46920 |
|
17.06.2026 |
8.1 |
| CVE-2026-46921 |
|
17.06.2026 |
8.8 |
| CVE-2026-46922 |
|
17.06.2026 |
7.2 |
| CVE-2026-46925 |
|
17.06.2026 |
8.3 |
| CVE-2026-46926 |
|
17.06.2026 |
8.8 |
| CVE-2026-46927 |
|
17.06.2026 |
8.1 |
| CVE-2026-46928 |
|
17.06.2026 |
8.8 |
| CVE-2026-46929 |
|
17.06.2026 |
8.8 |
| CVE-2026-46930 |
|
17.06.2026 |
9.1 |
| CVE-2026-46931 |
|
17.06.2026 |
8.8 |
| CVE-2026-46932 |
|
17.06.2026 |
7.1 |
| CVE-2026-46933 |
|
16.06.2026 |
9.9 |
| CVE-2026-46934 |
|
16.06.2026 |
7.5 |
| CVE-2026-46935 |
|
16.06.2026 |
7.5 |
| CVE-2026-46937 |
|
16.06.2026 |
8.8 |
| CVE-2026-46938 |
|
16.06.2026 |
7.2 |
| CVE-2026-46939 |
|
16.06.2026 |
8.1 |
| CVE-2026-46940 |
|
16.06.2026 |
8.8 |
| CVE-2026-46942 |
|
16.06.2026 |
8.8 |
| CVE-2026-46944 |
|
16.06.2026 |
9.1 |
| CVE-2026-46945 |
|
16.06.2026 |
9.1 |
| CVE-2026-46946 |
|
16.06.2026 |
9.1 |
| CVE-2026-46947 |
|
16.06.2026 |
8.8 |
| CVE-2026-46949 |
|
16.06.2026 |
9.1 |
| CVE-2026-46950 |
|
16.06.2026 |
8.8 |
| CVE-2026-46951 |
|
16.06.2026 |
8.8 |
| CVE-2026-46952 |
|
16.06.2026 |
8.8 |
| CVE-2026-46953 |
|
16.06.2026 |
7.2 |
| CVE-2026-46955 |
|
16.06.2026 |
7.5 |
| CVE-2026-46956 |
|
16.06.2026 |
7.2 |
| CVE-2026-46957 |
|
16.06.2026 |
7.5 |
| CVE-2026-46958 |
|
16.06.2026 |
7.5 |
| CVE-2026-46959 |
|
16.06.2026 |
7.5 |
| CVE-2026-46960 |
|
16.06.2026 |
7.2 |
| CVE-2026-46961 |
|
16.06.2026 |
8.8 |
| CVE-2026-46962 |
|
16.06.2026 |
8.8 |
| CVE-2026-46963 |
|
16.06.2026 |
9.9 |
| CVE-2026-46964 |
|
16.06.2026 |
9.9 |
| CVE-2026-46965 |
|
16.06.2026 |
8.8 |
| CVE-2026-46966 |
|
16.06.2026 |
7.5 |
| CVE-2026-46967 |
|
16.06.2026 |
8.8 |
| CVE-2026-46969 |
|
16.06.2026 |
7.2 |
| CVE-2026-46970 |
|
16.06.2026 |
7.2 |
| CVE-2026-46971 |
|
16.06.2026 |
7.5 |
| CVE-2026-46972 |
|
16.06.2026 |
8.8 |
| CVE-2026-46973 |
|
16.06.2026 |
8.8 |
| CVE-2026-46974 |
|
16.06.2026 |
7.5 |
| CVE-2026-46976 |
|
16.06.2026 |
7.2 |
| CVE-2026-46977 |
|
16.06.2026 |
3.2 |
| CVE-2026-46978 |
|
16.06.2026 |
10 |
| CVE-2026-46979 |
|
16.06.2026 |
6.5 |
| CVE-2026-48294 |
|
16.06.2026 |
7.4 |
| CVE-2026-48776 |
LangGraph SDK has unsafe URL path construction |
17.06.2026 |
4.2 |
| CVE-2026-0125 |
|
17.06.2026 |
|
| CVE-2026-0126 |
|
17.06.2026 |
|
| CVE-2026-0127 |
|
16.06.2026 |
|
| CVE-2026-0128 |
|
16.06.2026 |
|
| CVE-2026-0129 |
|
16.06.2026 |
|
| CVE-2026-0130 |
|
16.06.2026 |
|
| CVE-2026-0131 |
|
17.06.2026 |
|
| CVE-2026-0132 |
|
17.06.2026 |
|
| CVE-2026-0133 |
|
17.06.2026 |
|
| CVE-2026-0134 |
|
16.06.2026 |
|
| CVE-2026-0135 |
|
17.06.2026 |
|
| CVE-2026-0136 |
|
16.06.2026 |
|
| CVE-2026-0137 |
|
17.06.2026 |
|
| CVE-2026-0138 |
|
17.06.2026 |
|
| CVE-2026-0139 |
|
17.06.2026 |
|
| CVE-2026-0140 |
|
16.06.2026 |
|
| CVE-2026-0141 |
|
16.06.2026 |
|
| CVE-2026-0142 |
|
16.06.2026 |
|
| CVE-2026-0143 |
|
17.06.2026 |
|
| CVE-2026-0144 |
|
16.06.2026 |
|
| CVE-2026-0145 |
|
16.06.2026 |
|
| CVE-2026-0146 |
|
17.06.2026 |
|
| CVE-2026-0147 |
|
17.06.2026 |
|
| CVE-2026-0148 |
|
17.06.2026 |
|
| CVE-2026-0149 |
|
17.06.2026 |
|
| CVE-2026-0150 |
|
17.06.2026 |
|
| CVE-2026-0151 |
|
17.06.2026 |
|
| CVE-2026-0152 |
|
17.06.2026 |
|
| CVE-2026-0153 |
|
17.06.2026 |
|
| CVE-2026-0154 |
|
17.06.2026 |
|
| CVE-2026-0155 |
|
16.06.2026 |
|
| CVE-2026-0156 |
|
16.06.2026 |
|
| CVE-2026-0157 |
|
16.06.2026 |
|
| CVE-2026-0158 |
|
16.06.2026 |
|
| CVE-2026-0160 |
|
17.06.2026 |
|
| CVE-2026-0161 |
|
17.06.2026 |
|
| CVE-2026-0162 |
|
17.06.2026 |
|
| CVE-2026-0164 |
|
17.06.2026 |
|
| CVE-2026-0165 |
|
16.06.2026 |
|
| CVE-2026-10303 |
ServerCo getssl ACME shell script path injection |
16.06.2026 |
7.4 |
| CVE-2026-11890 |
|
16.06.2026 |
|
| CVE-2026-12105 |
|
16.06.2026 |
|
| CVE-2026-12117 |
|
16.06.2026 |
|
| CVE-2026-12425 |
Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10 |
16.06.2026 |
|
| CVE-2026-22312 |
Use of Hard-coded Credentials Vulnerability in Radiflow iSAP Smart Collector |
17.06.2026 |
8.6 |
| CVE-2026-22313 |
OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector |
16.06.2026 |
9.1 |
| CVE-2026-46448 |
|
17.06.2026 |
5.4 |
| CVE-2026-47747 |
stable-diffusion.cpp has a Heap-based Buffer Overflow |
16.06.2026 |
7.8 |
| CVE-2026-47750 |
stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files |
17.06.2026 |
7.8 |
| CVE-2026-48777 |
FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory |
17.06.2026 |
|
| CVE-2024-39575 |
|
16.06.2026 |
7.4 |
| CVE-2026-10748 |
Nexus Repository 3 - Remote Code Execution via License Deserialization |
17.06.2026 |
|
| CVE-2026-47749 |
stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files |
16.06.2026 |
7.8 |
| CVE-2026-48775 |
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading |
16.06.2026 |
6.8 |
| CVE-2026-4367 |
Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing |
16.06.2026 |
|
| CVE-2026-50656 |
Microsoft Defender Elevation of Privilege Vulnerability |
17.06.2026 |
7.8 |
| CVE-2026-53840 |
OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects |
16.06.2026 |
|
| CVE-2026-53841 |
OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML |
17.06.2026 |
|
| CVE-2026-53842 |
OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable |
16.06.2026 |
|
| CVE-2026-53843 |
OpenClaw < 2026.5.26 - Node Token Revocation Bypass via Pairing-Scoped Device Session |
17.06.2026 |
|
| CVE-2026-53844 |
OpenClaw < 2026.4.29 - Session Visibility Check Bypass in Shared Memory Search |
16.06.2026 |
|
| CVE-2026-53845 |
OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping |
16.06.2026 |
|
| CVE-2026-53846 |
OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath |
16.06.2026 |
|
| CVE-2026-53847 |
OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope |
16.06.2026 |
|
| CVE-2026-53848 |
OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers |
16.06.2026 |
|
| CVE-2026-53849 |
OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Discord Display Names in allowFrom |
17.06.2026 |
|
| CVE-2026-53850 |
OpenClaw < 2026.4.25 - Control Scope Enforcement Bypass in Focus Command |
16.06.2026 |
|
| CVE-2026-53851 |
OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass |
16.06.2026 |
|
| CVE-2026-53852 |
OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing |
16.06.2026 |
|
| CVE-2026-53853 |
OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS |
16.06.2026 |
|
| CVE-2026-53854 |
OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands |
16.06.2026 |
|
| CVE-2026-53855 |
OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks |
17.06.2026 |
|
| CVE-2026-53856 |
OpenClaw 2026.4.23 < 2026.4.24 - Insecure File Permissions in Config Recovery via OpenClaw.json |
16.06.2026 |
|
| CVE-2026-53857 |
OpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom Policy |
16.06.2026 |
|
| CVE-2026-53858 |
OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable |
16.06.2026 |
|
| CVE-2026-53859 |
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency |
16.06.2026 |
|
| CVE-2026-53860 |
OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles |
16.06.2026 |
|
| CVE-2026-53861 |
OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS |
17.06.2026 |
|
| CVE-2026-53862 |
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening |
16.06.2026 |
|
| CVE-2026-53863 |
OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy |
16.06.2026 |
|
| CVE-2026-53864 |
OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables |
16.06.2026 |
|
| CVE-2026-53865 |
OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH |
16.06.2026 |
|
| CVE-2026-53866 |
OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing |
16.06.2026 |
|