CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-10520 09.06.2026 10
CVE-2026-10523 09.06.2026 9.9
CVE-2026-25089 09.06.2026 9.1
CVE-2026-8025 SQLi in MOSK Informatics' CBS Platform 09.06.2026 9.8
CVE-2026-7486 SQLi in Netcad's E-İmar 09.06.2026 9.8
CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API 09.06.2026 9.3
CVE-2026-10731 SQL injection in Nemon products 09.06.2026 9.3
CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor 09.06.2026 9.3
CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key 09.06.2026 9.8
CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 9.8
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) 09.06.2026 9
CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform 09.06.2026 9.9
CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS) 08.06.2026 9.8
CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header 08.06.2026 9.3
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment 08.06.2026 9.3
CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie 08.06.2026 9.2
CVE-2026-46442 Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape 09.06.2026 9.4
CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews 08.06.2026 9.5
CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow 08.06.2026 9.3
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated 08.06.2026 9.3
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution 08.06.2026 9.3
CVE-2024-58349 WordPress Theme Travelscape 1.0.3 Arbitrary File Upload 08.06.2026 9.3
CVE-2026-11429 Path Traversal in Altium Git Service Allows Remote Code Execution 08.06.2026 9.4
CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation 08.06.2026 9.4
CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write 05.06.2026 9.4
CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read 05.06.2026 10
CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise) 08.06.2026 9.6
CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection 05.06.2026 9.3
CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise 08.06.2026 9.3
CVE-2026-11414 Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal 09.06.2026 10
CVE-2026-10580 Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API 06.06.2026 9.8
CVE-2026-46389 UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator` 05.06.2026 10
CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation 05.06.2026 9.3
CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover 09.06.2026 9.3
CVE-2026-46399 Authenticated Remote Code Execution via File Overwrite 08.06.2026 9.4
CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft 05.06.2026 9.3
CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials 05.06.2026 9.3
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions 08.06.2026 9.3
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint 08.06.2026 9.9
CVE-2026-45746 Termix Vulnerable to Arbitrary Command Execution via Session Hijacking 09.06.2026 9
CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection 08.06.2026 9.8
CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager 08.06.2026 9
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability 08.06.2026 10
CVE-2026-6274 Authentication Bypass in DTS Electronics' Redline WR3200 08.06.2026 9.8
CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 05.06.2026 10
CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability 06.06.2026 10
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability 05.06.2026 9.1
CVE-2025-71316 SQLite sqldiff remote code execution via argument injection 05.06.2026 9.2
CVE-2025-67447 04.06.2026 9.8
CVE-2026-10880 Unauthenticated SQL Injection in Osnexus Quantastor 04.06.2026 9.8
CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service 04.06.2026 9.3
CVE-2025-67446 04.06.2026 9.8
CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification 04.06.2026 9
CVE-2026-43986 Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay 04.06.2026 9.9
CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download 04.06.2026 9.3
CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie 04.06.2026 9.3
CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change 04.06.2026 9.3
CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File 04.06.2026 9.3
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF 05.06.2026 9.6
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass 04.06.2026 9.8
CVE-2026-50214 Shared Secret Quota Inflation 04.06.2026 9.3
CVE-2026-50208 Permissive TrustAllCerts TLS Verification 04.06.2026 9.2
CVE-2026-50209 MDM Server Registration Overriding 04.06.2026 9.3
CVE-2026-49190 Missing Per-Instruction Authorization Checks 04.06.2026 9.4
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key 04.06.2026 9.3
CVE-2026-49194 SCREEN_CLICK Authentication Bypass 04.06.2026 9.4
CVE-2026-41283 04.06.2026 9.9
CVE-2026-49185 Instruction Injection via FieldX MDM 04.06.2026 10
CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync 05.06.2026 9.1
CVE-2026-46266 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP 05.06.2026 9.1
CVE-2026-35075 Hardcoded default Password for Service Account 09.06.2026 9.3
CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 04.06.2026 9.8
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow 03.06.2026 9.1
CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection 03.06.2026 9.6
CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover 03.06.2026 9.3
CVE-2026-49448 authentik: SourceStage bypass via empty POST 03.06.2026 9.8
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation 02.06.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2025-67862 09.06.2026 6
CVE-2026-10520 09.06.2026 10
CVE-2026-10523 09.06.2026 9.9
CVE-2026-10727 09.06.2026 7.2
CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS 09.06.2026
CVE-2026-24065 Local Privilege Escalation via Insecure XPC Client Validation in Waves Central for macOS 09.06.2026
CVE-2026-25089 09.06.2026 9.1
CVE-2026-49938 09.06.2026 6.2
CVE-2026-49948 Mem0 0.2.8 Missing Authorization via POST /configure Endpoint 09.06.2026
CVE-2026-8025 SQLi in MOSK Informatics' CBS Platform 09.06.2026 9.8
CVE-2026-8045 09.06.2026
CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq 09.06.2026
CVE-2026-47900 Stored XSS via Unsanitized Plugin Metadata in Logseq 09.06.2026
CVE-2026-47901 Iframe escape by plugins in Logseq 09.06.2026
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service 09.06.2026
CVE-2026-9279 Shell command injection in Logseq 09.06.2026
CVE-2026-11785 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler 09.06.2026
CVE-2026-11786 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type() 09.06.2026
CVE-2026-11787 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing 09.06.2026
CVE-2026-11788 389-ds-base: null pointer dereference in deref control plugin ber parser 09.06.2026
CVE-2026-11789 389-ds-base: smd5 password storage plugin salt length integer underflow crash 09.06.2026
CVE-2026-11790 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service 09.06.2026
CVE-2026-11792 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string) 09.06.2026
CVE-2026-11793 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing 09.06.2026
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE 09.06.2026
CVE-2026-46326 iio: pressure: mprls0025pa: fix spi_transfer struct initialisation 09.06.2026
CVE-2026-46327 dm: fix unlocked test for dm_suspended_md 09.06.2026
CVE-2026-46328 apparmor: fix rlimit for posix cpu timers 09.06.2026
CVE-2026-46329 erofs: handle end of filesystem properly for file-backed mounts 09.06.2026
CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support" 09.06.2026
CVE-2026-46332 greybus: gb-beagleplay: bound bootloader receive buffering 09.06.2026
CVE-2026-52904 drm/nouveau: fix nvkm_device leak on aperture removal failure 09.06.2026
CVE-2026-52905 mm/damon/core: disallow non-power of two min_region_sz on damon_start() 09.06.2026
CVE-2026-52906 9p: fix access mode flags being ORed instead of replaced 09.06.2026
CVE-2026-52907 media: rockchip: rkcif: fix off by one bugs 09.06.2026
CVE-2026-7486 SQLi in Netcad's E-İmar 09.06.2026 9.8
CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection 09.06.2026
CVE-2016-20063 Single Personal Message 1.0.3 WordPress Plugin SQL Injection 09.06.2026
CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter 09.06.2026
CVE-2016-20065 Product Catalog 8 1.2 Plugin WordPress SQL Injection 09.06.2026
CVE-2017-20243 WordPress Car Park Booking Plugin SQL Injection via space_id 09.06.2026
CVE-2017-20244 Wow Forms WordPress Plugin 2.1 SQL Injection 09.06.2026
CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection 09.06.2026
CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection 09.06.2026
CVE-2017-20247 WordPress Plugin PICA Photo Gallery 1.0 SQL Injection 09.06.2026
CVE-2017-20248 WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download 09.06.2026
CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection 09.06.2026
CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download 09.06.2026
CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API 09.06.2026
CVE-2026-11764 Data exposed without proper permission 09.06.2026
CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation 09.06.2026
CVE-2026-46316 KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry 09.06.2026
CVE-2026-46317 KVM: arm64: Reassign nested_mmus array behind mmu_lock 09.06.2026
CVE-2026-46318 Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" 09.06.2026
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft 09.06.2026
CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp() 09.06.2026
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one() 09.06.2026
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one() 09.06.2026
CVE-2026-46323 net: gro: don't merge zcopy skbs 09.06.2026
CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks 09.06.2026
CVE-2026-11607 TYPO3 CMS - Broken Access Control in Form Framework 09.06.2026
CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders 09.06.2026
CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework 09.06.2026
CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities 09.06.2026
CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search 09.06.2026
CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler 09.06.2026
CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler 09.06.2026
CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard 09.06.2026
CVE-2026-47352 TYPO3 CMS - Broken Access Control in Backend API 09.06.2026
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer 09.06.2026
CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API 09.06.2026
CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework 09.06.2026
CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module 09.06.2026
CVE-2025-10263 09.06.2026
CVE-2025-40808 09.06.2026 6.1
CVE-2026-10731 SQL injection in Nemon products 09.06.2026
CVE-2026-24349 09.06.2026 7.1
CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor 09.06.2026 8.7
CVE-2026-46746 09.06.2026 8.8
CVE-2026-46747 09.06.2026 4.3
CVE-2026-46748 09.06.2026 8.8
CVE-2026-46749 09.06.2026 7.5
CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation 09.06.2026 4.3
CVE-2026-52902 Awxkit: path traversal via yaml !include directive 09.06.2026
CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks 09.06.2026
CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation 09.06.2026 8.8
CVE-2026-25688 Apache Answer: XSS in AI Answer Rendering 09.06.2026
CVE-2026-25699 Apache Answer: Authorization Bypass in Timeline API 09.06.2026
CVE-2026-28262 09.06.2026 6
CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error 09.06.2026
CVE-2026-34031 Apache Answer: The custom avatar was not properly validated 09.06.2026
CVE-2026-34033 Apache Answer: HTML Content Injection in Email 09.06.2026
CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access 09.06.2026
CVE-2026-46315 io_uring/waitid: clear waitid info before copying it to userspace 09.06.2026
CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names 09.06.2026
CVE-2026-6899 Improper Check for Certificate Revocation in S2OPC 09.06.2026 5.6
CVE-2026-7542 Slider Revolution <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure 09.06.2026 6.5
CVE-2026-8365 Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field 09.06.2026 8.8
CVE-2026-8599 MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field 09.06.2026 6.4
CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings 09.06.2026 6.4
CVE-2025-62858 QTS, QuTS hero 09.06.2026
CVE-2026-41972 09.06.2026 5.4
CVE-2026-41973 09.06.2026 5.9
CVE-2026-41974 09.06.2026 3.6
CVE-2026-41976 09.06.2026 6.6
CVE-2026-41977 09.06.2026 5
CVE-2026-41981 09.06.2026 5.3
CVE-2026-41982 09.06.2026 6.4
CVE-2026-41983 09.06.2026 4.3
CVE-2026-41984 09.06.2026 5.2
CVE-2026-41985 09.06.2026 5.1
CVE-2026-41986 09.06.2026 2.4
CVE-2026-44083 QuMagie 09.06.2026
CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data 09.06.2026 7.6
CVE-2026-9698 DBI versions before 1.648 for Perl saved errors in a limited-sized buffer 09.06.2026
CVE-2026-11572 09.06.2026 8.8
CVE-2026-41539 QTS, QuTS hero 09.06.2026
CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery 09.06.2026
CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key 09.06.2026 9.8
CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML 09.06.2026
CVE-2026-10024 TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute 09.06.2026 6.4
CVE-2026-10553 jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update 09.06.2026 4.3
CVE-2026-10738 jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) 09.06.2026 6.4
CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter 09.06.2026 6.1
CVE-2026-11623 tmux image.c image_free use after free 09.06.2026
CVE-2026-26236 QuMagie 09.06.2026
CVE-2026-40983 Micrometer gRPC server instrumentation DoS vulnerability 09.06.2026 7.5
CVE-2026-40984 Micrometer HTTP server instrumentations DoS vulnerability 09.06.2026 7.5
CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration 09.06.2026 7.5
CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching 09.06.2026 7.5
CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service 09.06.2026 5.9
CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect 09.06.2026 6.1
CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP 09.06.2026 7.4
CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module 09.06.2026 4.8
CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux 09.06.2026 4.2
CVE-2026-41840 Spring Framework Denial of Service via Multipart Requests in WebFlux 09.06.2026 5.9
CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux 09.06.2026 5.9
CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux 09.06.2026 7.5
CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux 09.06.2026 5.9
CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux 09.06.2026 4.2
CVE-2026-41845 Spring Framework Cross-site Scripting via JavaScriptUtils 09.06.2026 7.1
CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags 09.06.2026 5.9
CVE-2026-41847 Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL 09.06.2026 4.8
CVE-2026-41848 Spring Framework Denial of Service via AntPathMatcher 09.06.2026 3.7
CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions 09.06.2026 7.5
CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions 09.06.2026 7.5
CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL 09.06.2026 5.3
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions 09.06.2026 3.7
CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux 09.06.2026 5.3
CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder 09.06.2026 4.2
CVE-2026-41855 Spring Framework Unsafe Deserialization via Jackson JMS Converters 09.06.2026 8.1
CVE-2026-41975 09.06.2026 6.3
CVE-2026-41978 09.06.2026 4.4
CVE-2026-41979 09.06.2026 5.5
CVE-2026-41980 09.06.2026 5.5
CVE-2026-7662 ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute 09.06.2026 6.4
CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Incorrect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update 09.06.2026 5.3
CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes 09.06.2026 6.4
CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update 09.06.2026 4.3
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save 09.06.2026 4.3
CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter 09.06.2026 6.1
CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action 09.06.2026 4.3
CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter 09.06.2026 6.1
CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update 09.06.2026 4.3
CVE-2026-8977 WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action 09.06.2026 6.4
CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter 09.06.2026 7.5
CVE-2026-9662 Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter 09.06.2026 8.1
CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication 09.06.2026
CVE-2026-11619 Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization 09.06.2026
CVE-2026-11620 TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation 09.06.2026
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload 09.06.2026
CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter 09.06.2026 6.4
CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text 09.06.2026 7.2
CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field 09.06.2026 6.4
CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad) 09.06.2026 4.2
CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 9.8
CVE-2026-40128 Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) 09.06.2026 9
CVE-2026-44743 Security Misconfiguration vulnerability in SAP Business Objects 09.06.2026 3.7
CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA 09.06.2026 6.5
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet) 09.06.2026 6.1
CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform 09.06.2026 9.9
CVE-2026-44750 Missing Authorization check in SAP MDG (Review Match Groups Application) 09.06.2026 4.3
CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform 09.06.2026 7.1
CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs 09.06.2026 6.6
CVE-2026-44755 Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform 09.06.2026 4.3
CVE-2026-44757 Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager 09.06.2026 4.7
CVE-2026-8795 09.06.2026 7.8
CVE-2026-11628 09.06.2026
CVE-2026-11629 09.06.2026
CVE-2026-11630 09.06.2026
CVE-2026-11631 09.06.2026
CVE-2026-11632 09.06.2026
CVE-2026-11633 09.06.2026
CVE-2026-11634 09.06.2026
CVE-2026-11635 09.06.2026
CVE-2026-11636 09.06.2026
CVE-2026-11637 09.06.2026
CVE-2026-11638 09.06.2026
CVE-2026-11639 09.06.2026
CVE-2026-11640 09.06.2026
CVE-2026-11641 09.06.2026
CVE-2026-11642 09.06.2026
CVE-2026-11643 09.06.2026
CVE-2026-11644 09.06.2026
CVE-2026-11645 09.06.2026
CVE-2026-11646 09.06.2026
CVE-2026-11647 09.06.2026
CVE-2026-11648 09.06.2026
CVE-2026-11649 09.06.2026
CVE-2026-11650 09.06.2026
CVE-2026-11651 09.06.2026
CVE-2026-11652 09.06.2026
CVE-2026-11653 09.06.2026
CVE-2026-11654 09.06.2026
CVE-2026-11655 09.06.2026
CVE-2026-11656 09.06.2026
CVE-2026-11657 09.06.2026
CVE-2026-11658 09.06.2026
CVE-2026-11659 09.06.2026
CVE-2026-11660 09.06.2026
CVE-2026-11661 09.06.2026
CVE-2026-11662 09.06.2026
CVE-2026-11663 09.06.2026
CVE-2026-11664 09.06.2026
CVE-2026-11665 09.06.2026
CVE-2026-11666 09.06.2026
CVE-2026-11667 09.06.2026
CVE-2026-11668 09.06.2026
CVE-2026-11669 09.06.2026
CVE-2026-11670 09.06.2026
CVE-2026-11671 09.06.2026
CVE-2026-11672 09.06.2026
CVE-2026-11673 09.06.2026
CVE-2026-11674 09.06.2026
CVE-2026-11675 09.06.2026
CVE-2026-11676 09.06.2026
CVE-2026-11677 09.06.2026
CVE-2026-11678 09.06.2026
CVE-2026-11679 09.06.2026
CVE-2026-11680 09.06.2026
CVE-2026-11681 09.06.2026
CVE-2026-11682 09.06.2026
CVE-2026-11683 09.06.2026
CVE-2026-11684 09.06.2026
CVE-2026-11685 09.06.2026
CVE-2026-11686 09.06.2026
CVE-2026-11687 09.06.2026
CVE-2026-11688 09.06.2026
CVE-2026-11689 09.06.2026
CVE-2026-11690 09.06.2026
CVE-2026-11691 09.06.2026
CVE-2026-11692 09.06.2026
CVE-2026-11693 09.06.2026
CVE-2026-11694 09.06.2026
CVE-2026-11695 09.06.2026
CVE-2026-11696 09.06.2026
CVE-2026-11697 09.06.2026
CVE-2026-11698 09.06.2026
CVE-2026-11699 09.06.2026
CVE-2026-11700 09.06.2026
CVE-2026-11701 09.06.2026
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow 08.06.2026
CVE-2026-11585 CodeAstro Student Attendance Management System createClassArms.php sql injection 09.06.2026
CVE-2026-40215 08.06.2026
CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override 09.06.2026
CVE-2026-11582 CodeAstro Student Attendance Management System index.php sql injection 09.06.2026
CVE-2026-11583 CodeAstro Student Attendance Management System createClass.php sql injection 08.06.2026
CVE-2026-11584 CodeAstro Student Attendance Management System createClass.php edit sql injection 09.06.2026
CVE-2026-35058 08.06.2026
CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins() 09.06.2026
CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user 09.06.2026 8.1
CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting 08.06.2026
CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting 08.06.2026
CVE-2026-49141 WACRM Authorization Bypass via Automation Engine Endpoint 09.06.2026
CVE-2026-10544 08.06.2026
CVE-2026-10786 08.06.2026
CVE-2026-10787 09.06.2026
CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import 08.06.2026 9
CVE-2026-11557 Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow 08.06.2026
CVE-2026-11558 CodeAstro Payroll System home_salary.php sql injection 08.06.2026
CVE-2026-11559 CodeAstro Payroll System view_account.php sql injection 08.06.2026
CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing 08.06.2026
CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions 09.06.2026
CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS) 08.06.2026 9.8
CVE-2026-11552 SourceCodester Online Examination & Learning Management System import_users.php hard-coded password 08.06.2026
CVE-2026-11553 Tenda HG7HG9/HG10 formPPPEdit stack-based overflow 08.06.2026
CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation 09.06.2026
CVE-2026-11555 D-Link DGS-1100-08PD Web boa.conf least privilege violation 08.06.2026
CVE-2026-11556 Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection 09.06.2026
CVE-2026-8913 Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration 09.06.2026