CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2026-11624 | | 13.06.2026 | 9.4 |
| CVE-2026-46716 | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | 12.06.2026 | 9.9 |
| CVE-2026-53519 | Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key | 12.06.2026 | 9.1 |
| CVE-2026-53609 | Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass | 12.06.2026 | 9.1 |
| CVE-2026-44990 | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | 12.06.2026 | 9.3 |
| CVE-2026-28742 | Naxclow IoT Platform Use of hard-coded cryptographic key | 12.06.2026 | 9.2 |
| CVE-2026-50101 | Naxclow IoT Platform Not using password aging | 12.06.2026 | 9.2 |
| CVE-2026-48558 | SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification | 13.06.2026 | 9.5 |
| CVE-2026-45833 | | 12.06.2026 | 9.4 |
| CVE-2026-50083 | Aqara hardcoded OAuth client credentials | 12.06.2026 | 9.1 |
| CVE-2026-50084 | Aqara API cross-account access | 12.06.2026 | 9.6 |
| CVE-2026-50086 | Aqara unauthenticated AES oracle | 12.06.2026 | 10 |
| CVE-2026-50090 | Aqara OAuth redirect_uri validation bypass | 12.06.2026 | 9.3 |
| CVE-2026-50091 | Aqara Home Android SDK hardcoded keys | 12.06.2026 | 9.1 |
| CVE-2026-10557 | Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials | 12.06.2026 | 9.3 |
| CVE-2026-47131 | vm2: Sandbox Escape | 13.06.2026 | 10 |
| CVE-2026-47137 | vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE | 13.06.2026 | 10 |
| CVE-2026-47140 | vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution | 13.06.2026 | 10 |
| CVE-2026-47208 | vm2: Sandbox Breakout Using Promise Species | 13.06.2026 | 10 |
| CVE-2026-47210 | vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass | 13.06.2026 | 9.8 |
| CVE-2026-53787 | Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload | 13.06.2026 | 9.3 |
| CVE-2026-54133 | jmespath.php has CompilerRuntime code injection via unescaped function names | 12.06.2026 | 9.8 |
| CVE-2026-6853 | OTP Bypass in Başbelen Group's Pause+ Mobile App | 12.06.2026 | 9.8 |
| CVE-2026-11849 | IEI Integration Corp\|iRM-IEI Remote Management - Hard-coded Credentials | 12.06.2026 | 9.3 |
| CVE-2026-11535 | | 12.06.2026 | 9.4 |
| CVE-2026-47365 | | 12.06.2026 | 9.9 |
| CVE-2026-47367 | | 12.06.2026 | 9.9 |
| CVE-2026-47369 | | 13.06.2026 | 9.9 |
| CVE-2026-47370 | | 13.06.2026 | 9.9 |
| CVE-2026-48611 | | 12.06.2026 | 9.8 |
| CVE-2026-42846 | ClipBucket: Remote Play URL Command Injection | 12.06.2026 | 9.8 |
| CVE-2026-45060 | ClipBucket: Blind SQL Injection in progress_video.php | 12.06.2026 | 9.8 |
| CVE-2026-39494 | WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability | 12.06.2026 | 9.3 |
| CVE-2026-42647 | WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability | 12.06.2026 | 9.3 |
| CVE-2026-49060 | WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability | 12.06.2026 | 9.8 |
| CVE-2026-41005 | UAA accepts SAML Encrypted Assertions authentication bypass | 13.06.2026 | 9 |
| CVE-2026-49973 | Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings | 13.06.2026 | 9.2 |
| CVE-2026-45177 | Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism | 11.06.2026 | 9.1 |
| CVE-2026-47172 | Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment. | 11.06.2026 | 9.5 |
| CVE-2026-47174 | Duck Site: Untrusted pull request code can trigger privileged production deployment | 11.06.2026 | 9.5 |
| CVE-2026-49261 | MariaDB server has unsafe parameter handling in `wsrep_notify_cmd` | 12.06.2026 | 10 |
| CVE-2026-11839 | Arbitrary File Upload in Basarsoft's Rotaban | 11.06.2026 | 9.9 |
| CVE-2026-11561 | SSTI in Soagen Informatics' Apinizer | 12.06.2026 | 9.8 |
| CVE-2026-7852 | Unrestricted File Upload in Limatek's LimRAD NAC | 11.06.2026 | 9.8 |
| CVE-2026-4764 | Privilege Escalation in Dialogflow CX via Playbook Import | 11.06.2026 | 9.4 |
| CVE-2026-35273 | | 13.06.2026 | 9.8 |
| CVE-2026-46695 | BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files | 11.06.2026 | 10 |
| CVE-2026-46703 | BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host | 11.06.2026 | 9.6 |
| CVE-2026-20253 | Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | 11.06.2026 | 9.8 |
| CVE-2026-46614 | Fission router exposes `/fission-function/<ns>/<name>` on its public listener, allowing invocation of any function without an HTTPTrigger | 11.06.2026 | 9.8 |
| CVE-2026-50545 | Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover | 12.06.2026 | 9.9 |
| CVE-2026-50563 | Fission Container Executor Function PodSpec Injection Leading to Node Escape | 12.06.2026 | 9.9 |
| CVE-2026-50564 | Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape | 12.06.2026 | 9.9 |
| CVE-2026-50566 | Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation | 12.06.2026 | 9.9 |
| CVE-2026-45550 | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | 10.06.2026 | 9.1 |
| CVE-2026-45552 | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | 10.06.2026 | 9.9 |
| CVE-2026-45556 | Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name` | 10.06.2026 | 9.9 |
| CVE-2026-45558 | Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save | 10.06.2026 | 9.9 |
| CVE-2026-53469 | Migration-planner: unprotected delete endpoint wipes all tenant data | 10.06.2026 | 9.1 |
| CVE-2026-53470 | Migration-planner: getsourcedownloadurl missing organization check | 10.06.2026 | 9.6 |
| CVE-2026-53471 | Migration-planner: agent api ignores jwt source_id claim | 10.06.2026 | 9.6 |
| CVE-2026-53474 | Migration-planner: second-order sql injection via rvtools upload | 10.06.2026 | 9.6 |
| CVE-2026-53475 | Assisted-migration-agent: tls verification disabled on all vcenter connections | 10.06.2026 | 9.3 |
| CVE-2026-53476 | Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write | 10.06.2026 | 9.6 |
| CVE-2025-6254 | Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation | 10.06.2026 | 9.8 |
| CVE-2025-66276 | QTS | 10.06.2026 | 9.2 |
| CVE-2026-45328 | ESP-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers | 10.06.2026 | 9.3 |
| CVE-2026-44963 | | 10.06.2026 | 9.4 |
| CVE-2026-47928 | ColdFusion \| Improper Input Validation (CWE-20) | 11.06.2026 | 9.6 |
| CVE-2026-47938 | Adobe Campaign Classic (ACC) \| Server-Side Request Forgery (SSRF) (CWE-918) | 10.06.2026 | 10 |
| CVE-2026-48303 | Adobe Campaign Classic (ACC) \| Incorrect Authorization (CWE-863) | 10.06.2026 | 10 |
| CVE-2026-34691 | Adobe Experience Manager Forms JEE \| Cross-site Scripting (Stored XSS) (CWE-79) | 09.06.2026 | 9.3 |
| CVE-2026-26142 | Nuance PowerScribe Remote Code Execution Vulnerability | 10.06.2026 | 9.8 |
| CVE-2026-42904 | Windows TCP/IP Elevation of Privilege Vulnerability | 10.06.2026 | 9.6 |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | 10.06.2026 | 9.8 |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | 10.06.2026 | 9.1 |
| CVE-2026-45657 | Windows Kernel Remote Code Execution Vulnerability | 10.06.2026 | 9.8 |
| CVE-2026-47281 | Visual Studio Code Elevation of Privilege Vulnerability | 10.06.2026 | 9.6 |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | 10.06.2026 | 9.8 |
| CVE-2026-47643 | Azure Stack Edge Remote Code Execution Vulnerability | 10.06.2026 | 9.8 |
| CVE-2026-49840 | FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing | 09.06.2026 | 9.1 |
| CVE-2026-49841 | FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read | 11.06.2026 | 9.8 |
| CVE-2026-10520 | | 12.06.2026 | 10 |
| CVE-2026-10523 | | 10.06.2026 | 9.9 |
| CVE-2026-25089 | | 10.06.2026 | 9.1 |
| CVE-2026-8025 | SQLi in MOSK Informatics' CBS Platform | 09.06.2026 | 9.8 |
| CVE-2026-7486 | SQLi in Netcad's E-İmar | 09.06.2026 | 9.8 |
| CVE-2017-20251 | WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API | 09.06.2026 | 9.3 |
| CVE-2026-10731 | SQL injection in Nemon products | 09.06.2026 | 9.3 |
| CVE-2026-41031 | A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor | 09.06.2026 | 9.3 |
| CVE-2026-5067 | Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key | 09.06.2026 | 9.8 |
| CVE-2026-27671 | Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform | 09.06.2026 | 9.8 |
| CVE-2026-40128 | Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) | 10.06.2026 | 9 |
| CVE-2026-44748 | XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform | 09.06.2026 | 9.9 |
| CVE-2026-52778 | YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS) | 09.06.2026 | 9.8 |
| CVE-2026-25555 | OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header | 08.06.2026 | 9.3 |
| CVE-2026-39910 | STACKIT IaaS API Privilege Escalation via Service Account Attachment | 09.06.2026 | 9.3 |
| CVE-2026-41448 | AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie | 08.06.2026 | 9.2 |
| CVE-2026-46442 | Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape | 09.06.2026 | 9.4 |
| CVE-2026-47430 | Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews | 08.06.2026 | 9.5 |
| CVE-2026-11499 | Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow | 08.06.2026 | 9.3 |
| CVE-2023-54352 | WordPress Seotheme Remote Code Execution Unauthenticated | 08.06.2026 | 9.3 |
| CVE-2024-58348 | WordPress Background Image Cropper 1.2 Remote Code Execution | 08.06.2026 | 9.3 |
| CVE-2024-58349 | WordPress Theme Travelscape 1.0.3 Arbitrary File Upload | 08.06.2026 | 9.3 |

Latest Updates

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2026-5513 | Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie | 13.06.2026 | 7.2 |
| CVE-2026-11624 | | 13.06.2026 | |
| CVE-2026-1291 | Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation | 13.06.2026 | 4.3 |
| CVE-2026-2470 | Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts' | 13.06.2026 | 4.3 |
| CVE-2026-3297 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block | 13.06.2026 | 6.4 |
| CVE-2026-9629 | Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute | 13.06.2026 | 6.4 |
| CVE-2026-9061 | Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name | 13.06.2026 | |
| CVE-2026-9062 | Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal | 13.06.2026 | |
| CVE-2026-9109 | GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage | 13.06.2026 | 7.2 |
| CVE-2026-9134 | Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter | 13.06.2026 | 6.4 |
| CVE-2026-11769 | Operator - Namespaced User Path Traversal | 13.06.2026 | |
| CVE-2026-12089 | WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read | 13.06.2026 | 4.9 |
| CVE-2026-54228 | Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories | 13.06.2026 | |
| CVE-2026-54229 | Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking | 13.06.2026 | |
| CVE-2026-54230 | Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites | 13.06.2026 | |
| CVE-2026-54231 | Abrt: unsanitized systemd journal content written to dump directory files enables content injection | 13.06.2026 | |
| CVE-2026-9848 | WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter | 13.06.2026 | 7.5 |
| CVE-2026-11442 | Allegra exportReport Directory Traversal Information Disclosure Vulnerability | 12.06.2026 | |
| CVE-2026-11443 | Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability | 12.06.2026 | |
| CVE-2025-14098 | Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file | 12.06.2026 | 7.8 |
| CVE-2025-9032 | Avira antivirus engine heap buffer OOB read when scanning a malformed PE file | 12.06.2026 | 7.8 |
| CVE-2025-9033 | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 3) | 12.06.2026 | 7.8 |
| CVE-2026-12068 | Avira Password Manager credential disclosure via cross-origin autofill in Firefox | 12.06.2026 | 7.4 |
| CVE-2026-6676 | Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive | 12.06.2026 | 7.8 |
| CVE-2025-7002 | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2) | 12.06.2026 | 7.8 |
| CVE-2025-7003 | Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1) | 12.06.2026 | 7.8 |
| CVE-2025-7004 | Avast antivirus heap buffer OOB write when scanning a malformed PE file | 12.06.2026 | 7.8 |
| CVE-2025-7005 | Avast antivirus infinite recursion when scanning a malformed PE file | 12.06.2026 | 5.5 |
| CVE-2025-7006 | Avast antivirus use of stack memory after free when scanning a malformed PE file | 12.06.2026 | 5.5 |
| CVE-2025-7008 | Avast antivirus heap buffer OOB read when scanning a malformed PE file | 12.06.2026 | 7.8 |
| CVE-2025-7009 | Avast antivirus heap buffer OOB read when scanning a malformed PE file | 12.06.2026 | 7.8 |
| CVE-2025-7010 | Avast antivirus stack overflow when scanning a malformed PDF file | 12.06.2026 | 5.5 |
| CVE-2025-7011 | Avast antivirus heap OOB when scanning a malformed zip file | 12.06.2026 | 7.8 |
| CVE-2025-7017 | Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file | 12.06.2026 | 7.8 |
| CVE-2025-7018 | Avira antivirus engine null pointer dereference when scanning a malformed PE file | 12.06.2026 | 5.5 |
| CVE-2025-7019 | Avast antivirus stack overflow when scanning a malformed Office Open XML file | 12.06.2026 | 5.5 |
| CVE-2026-34195 | GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes | 12.06.2026 | |
| CVE-2026-41155 | GPU DDK - SharedSecMem mapped into all GPU virtual address spaces | 12.06.2026 | |
| CVE-2026-41157 | GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D | 12.06.2026 | |
| CVE-2026-41158 | GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink | 12.06.2026 | |
| CVE-2026-53820 | OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn | 12.06.2026 | |
| CVE-2026-53821 | OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket | 12.06.2026 | |
| CVE-2026-53822 | OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution | 12.06.2026 | |
| CVE-2026-53823 | OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom | 12.06.2026 | |
| CVE-2026-53824 | Mattermost plugin for OpenClaw < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay | 13.06.2026 | |
| CVE-2026-53825 | OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope | 12.06.2026 | |
| CVE-2026-53826 | OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn | 12.06.2026 | |
| CVE-2026-53827 | OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding | 12.06.2026 | |
| CVE-2026-53828 | OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement | 12.06.2026 | |
| CVE-2026-53829 | OpenClaw < 2026.5.18 - Command Truncation in Exec Approval Display | 12.06.2026 | |
| CVE-2026-53830 | OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload | 12.06.2026 | |
| CVE-2026-53831 | OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist | 12.06.2026 | |
| CVE-2026-53832 | OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration | 12.06.2026 | |
| CVE-2026-53833 | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command | 13.06.2026 | |
| CVE-2026-53834 | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands | 12.06.2026 | |
| CVE-2026-53835 | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings | 12.06.2026 | |
| CVE-2026-53836 | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases | 12.06.2026 | |
| CVE-2026-53837 | OpenClaw < 2026.5.6 - Missing Channel Type Validation in Mattermost Event Handlers | 12.06.2026 | |
| CVE-2026-53838 | OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection | 12.06.2026 | |
| CVE-2026-53839 | OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation | 12.06.2026 | |
| CVE-2026-53867 | Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement | 12.06.2026 | |
| CVE-2026-53868 | Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion | 12.06.2026 | |
| CVE-2026-54095 | | 12.06.2026 | |
| CVE-2020-2521 | | 12.06.2026 | |
| CVE-2026-12131 | CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection | 12.06.2026 | |
| CVE-2026-46716 | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | 12.06.2026 | 9.9 |
| CVE-2026-46717 | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification | 13.06.2026 | 7.7 |
| CVE-2026-47120 | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) | 12.06.2026 | 7.1 |
| CVE-2026-47124 | Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members | 12.06.2026 | 6.5 |
| CVE-2026-47268 | Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host | 12.06.2026 | 6.4 |
| CVE-2026-48119 | Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services | 12.06.2026 | 7.1 |
| CVE-2026-49396 | Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents | 13.06.2026 | 7.1 |
| CVE-2026-49397 | Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data | 12.06.2026 | 5.3 |
| CVE-2026-53519 | Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key | 12.06.2026 | 9.1 |
| CVE-2026-53520 | Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing | 12.06.2026 | 6.5 |
| CVE-2026-53521 | Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context | 12.06.2026 | 6.4 |
| CVE-2026-53522 | Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS | 12.06.2026 | 6.5 |
| CVE-2026-53523 | Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection | 12.06.2026 | 6.8 |
| CVE-2026-53608 | @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag | 12.06.2026 | 8.7 |
| CVE-2026-53609 | Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass | 12.06.2026 | 9.1 |
| CVE-2026-54398 | MISP object edit authorization bypass allows unauthorized sharing group assignment | 12.06.2026 | |
| CVE-2026-12129 | CodeAstro Human Resource Management System Dashboard add_tod cross site scripting | 13.06.2026 | |
| CVE-2026-12130 | CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting | 12.06.2026 | |
| CVE-2026-24618 | WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability | 13.06.2026 | 4.3 |
| CVE-2026-42853 | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | 13.06.2026 | 6.5 |
| CVE-2026-44779 | Discourse: Bot debug endpoints disclose whisper translation audit logs | 12.06.2026 | 4.3 |
| CVE-2026-44780 | Discourse: Category queue reviewers can read raw incoming emails from queued posts | 12.06.2026 | 4.3 |
| CVE-2026-44782 | Discourse: GroupPostSerializer leaks hidden full names through reaction post association | 12.06.2026 | 4.3 |
| CVE-2026-44783 | Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts | 12.06.2026 | 5.4 |
| CVE-2026-44784 | Discourse: Non-staff group owners can see email password in plaintext through group history | 13.06.2026 | 6.5 |
| CVE-2026-44785 | Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts | 12.06.2026 | 4.3 |
| CVE-2026-44786 | Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users | 12.06.2026 | 7.5 |
| CVE-2026-44990 | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | 12.06.2026 | 9.3 |
| CVE-2026-45011 | Apostrophe has stored XSS via javascript: URL in Image Widget Link | 12.06.2026 | 7.3 |
| CVE-2026-45012 | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget | 12.06.2026 | 7.6 |
| CVE-2026-45013 | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation | 13.06.2026 | 8.1 |
| CVE-2026-45014 | Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip | 12.06.2026 | |
| CVE-2026-45085 | Discourse: Chat misauthorization and information disclosure | 12.06.2026 | 5.3 |
| CVE-2026-45775 | Discourse: Cross-site backup access via path traversal in multisite local backups | 12.06.2026 | 6.8 |
| CVE-2026-47263 | Discourse: Prevent webhook payload disclosure on event redelivery | 12.06.2026 | 4.3 |
| CVE-2026-47264 | Discourse: Don't leak restricted tag group names via tag info | 13.06.2026 | 5.3 |
| CVE-2026-4870 | Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions. | 12.06.2026 | 7.5 |
| CVE-2026-53606 | sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes | 12.06.2026 | 5.4 |
| CVE-2026-53607 | @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header | 12.06.2026 | 3.7 |
| CVE-2026-54056 | Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging | 12.06.2026 | 7.6 |
| CVE-2026-54057 | Kitty vulnerable to command injection via unsanitized OSC 21 query reply | 12.06.2026 | |
| CVE-2026-54362 | MISP template builder exposes non-visible custom galaxies across organisations | 12.06.2026 | |
| CVE-2026-54393 | MISP Overmind theme stored XSS via unvalidated homepage setting | 12.06.2026 | |
| CVE-2026-54394 | MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files | 12.06.2026 | |
| CVE-2026-54395 | MISP UiBeta event index reflected XSS in advanced filter popup | 12.06.2026 | |
| CVE-2026-54396 | MISP AuthKey edit endpoint allows authenticated user email enumeration | 12.06.2026 | |
| CVE-2026-54397 | MISP event editing allows unauthorized assignment to undisclosed sharing groups | 12.06.2026 | |
| CVE-2026-42850 | Kitty has a shell command injection | 12.06.2026 | |
| CVE-2026-42851 | @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE | 12.06.2026 | 7.8 |
| CVE-2026-54055 | Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol | 12.06.2026 | 5 |
| CVE-2026-54358 | MISP organization administrators can target site administrator accounts for password reset | 12.06.2026 | |
| CVE-2026-54359 | MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default | 12.06.2026 | |
| CVE-2026-54360 | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | 12.06.2026 | |
| CVE-2026-54361 | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | 12.06.2026 | |
| CVE-2026-42604 | Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config` | 12.06.2026 | |
| CVE-2026-42890 | actual Allows Electron to Run As Node | 12.06.2026 | |
| CVE-2026-43872 | actual-server has a path traversal vulnerability | 12.06.2026 | |
| CVE-2026-47260 | Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs | 13.06.2026 | 7.7 |
| CVE-2026-50287 | Missing Authentication for Critical Function in @agenticmail/mcp | 12.06.2026 | |
| CVE-2026-50552 | Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail | 12.06.2026 | 6.3 |
| CVE-2026-54357 | MISP improper authorization allows organization administrators to modify site administrator user settings | 12.06.2026 | |
| CVE-2026-10715 | Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint | 12.06.2026 | |
| CVE-2026-12043 | Heap double-free in AWS Common Runtime aws-c-http | 12.06.2026 | 8.8 |
| CVE-2026-12143 | form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection) | 12.06.2026 | |
| CVE-2026-28742 | Naxclow IoT Platform Use of hard-coded cryptographic key | 12.06.2026 | |
| CVE-2026-41568 | Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap | 12.06.2026 | 6.1 |
| CVE-2026-42306 | Moby: Race condition in docker cp allows bind mount redirection to host path | 13.06.2026 | 7.2 |
| CVE-2026-42932 | Naxclow IoT Platform Generation of Predictable Numbers or Identifiers | 12.06.2026 | |
| CVE-2026-42947 | Naxclow IoT Platform Authorization bypass through User-Controlled key | 12.06.2026 | |
| CVE-2026-47138 | Parse Server: Pre-authentication denial of service via client version header regex backtracking | 12.06.2026 | |
| CVE-2026-47236 | Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission | 12.06.2026 | 4.3 |
| CVE-2026-47248 | Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers | 12.06.2026 | |
| CVE-2026-50008 | Parse Server: Server option routeAllowList is bypassable through batch sub-requests | 12.06.2026 | |
| CVE-2026-50099 | Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory | 12.06.2026 | |
| CVE-2026-50101 | Naxclow IoT Platform Not using password aging | 12.06.2026 | |
| CVE-2026-50108 | Naxclow IoT Platform Missing Authorization | 12.06.2026 | |
| CVE-2026-50244 | Naxclow IoT Platform Missing Authorization | 12.06.2026 | |
| CVE-2026-53407 | | 12.06.2026 | 8.1 |
| CVE-2026-53408 | | 12.06.2026 | 8.1 |
| CVE-2026-53724 | Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist | 12.06.2026 | |
| CVE-2026-53725 | Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied | 13.06.2026 | |
| CVE-2026-53726 | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | 12.06.2026 | |
| CVE-2026-44168 | MariaDB: wsrep SST unsafe parameter handling on the donor side | 12.06.2026 | 8 |
| CVE-2026-44169 | MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions | 13.06.2026 | 4.3 |
| CVE-2026-44170 | MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL | 12.06.2026 | |
| CVE-2026-44171 | MariaDB: path traversal in mbstream | 12.06.2026 | 6.3 |
| CVE-2026-44172 | MariaDB: mysql_real_escape_string() incorrectly handled big5 | 12.06.2026 | |
| CVE-2026-44173 | MariaDB: FILE privilege was not checked for subqueries in the FROM clause | 12.06.2026 | 5 |
| CVE-2026-48163 | MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) | 12.06.2026 | 8 |
| CVE-2026-48165 | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side | 12.06.2026 | 8 |
| CVE-2026-53406 | | 12.06.2026 | 7.8 |