CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 30.06.2026 10
CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 10
CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 10
CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 10
CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 30.06.2026 10
CVE-2026-48286 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863) 30.06.2026 10
CVE-2026-48313 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 9.3
CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 9.3
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path 30.06.2026 9.3
CVE-2026-6556 @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins 30.06.2026 9.1
CVE-2026-44946 SAML Authentication Replay in Rancher 30.06.2026 9.5
CVE-2026-14162 Advantech|Hospital Queuing Management - Missing Authentication 30.06.2026 9.3
CVE-2026-53690 SQL Injection in Redeight CMS 30.06.2026 9.3
CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001 30.06.2026 9.8
CVE-2026-12076 SQL Injection in Raytha CMS 30.06.2026 9.3
CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter 30.06.2026 9.8
CVE-2026-12818 DVP-12SE Exposure of Sensitive Information Vulnerability 30.06.2026 9.3
CVE-2026-12819 DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability 30.06.2026 9.3
CVE-2026-12073 ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite 30.06.2026 9.8
CVE-2026-57498 Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers 29.06.2026 9.6
CVE-2026-11720 Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder 29.06.2026 9.3
CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints 30.06.2026 9.3
CVE-2026-41052 Rancher Privilege Escalation from Project Owner to Host 30.06.2026 9.4
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0 30.06.2026 10
CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability 29.06.2026 9.9
CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options 30.06.2026 9.4
CVE-2026-12415 Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter 29.06.2026 9.8
CVE-2026-31928 Daktronics Controller Firmware Use of Hard-coded Credentials 29.06.2026 9.3
CVE-2026-28701 Daktronics Controller Firmware Path Traversal 29.06.2026 9.3
CVE-2026-49869 Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` 29.06.2026 10
CVE-2026-53576 Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass 29.06.2026 10
CVE-2026-54350 Budibase: Anonymous NoSQL operator injection via published-app query templates 26.06.2026 10
CVE-2026-54352 Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload 27.06.2026 9.6
CVE-2026-46386 OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal` 29.06.2026 9.9
CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison 28.06.2026 9.8
CVE-2026-52780 OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) 27.06.2026 9.6
CVE-2026-52782 OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources 29.06.2026 9.9
CVE-2026-52785 OpenProject: SQL injection in timestamps functionality 29.06.2026 9.9
CVE-2026-33646 mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass) 29.06.2026 9.6
CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add 26.06.2026 9
CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval 26.06.2026 9
CVE-2026-45408 Dokku: OS Command Injection via App Name in Git Pre-Receive Hook 26.06.2026 9
CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron 29.06.2026 9
CVE-2026-54820 WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-54825 WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-54827 WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability 26.06.2026 9.9
CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability 29.06.2026 9.8
CVE-2026-56030 WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability 26.06.2026 9.8
CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability 26.06.2026 9.8
CVE-2026-56033 WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability 26.06.2026 9.8
CVE-2026-56034 WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability 29.06.2026 9.3
CVE-2026-56036 WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability 26.06.2026 9.8
CVE-2026-56058 WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability 26.06.2026 9.9
CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability 26.06.2026 9.9
CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-56067 WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-56068 WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability 29.06.2026 9.3
CVE-2026-56070 WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability 26.06.2026 9.3
CVE-2026-57658 WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability 26.06.2026 9.1
CVE-2026-57878 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd) 26.06.2026 9.8
CVE-2026-57879 GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr) 26.06.2026 9.8
CVE-2026-57880 GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr) 26.06.2026 9.8
CVE-2026-57881 GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr) 26.06.2026 9.8
CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication 26.06.2026 9.2
CVE-2025-71327 Flowise - Authentication Bypass via Unprotected Registration Endpoint 26.06.2026 9.3
CVE-2025-71333 Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint 27.06.2026 9.3
CVE-2025-71334 Flowise - Arbitrary File Access via Missing Chat Flow ID Validation 26.06.2026 9.3
CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP 30.06.2026 9.3
CVE-2025-71338 Flowise - Arbitrary File Write to Remote Code Execution via document-store API 26.06.2026 10
CVE-2026-40702 EVoke Systems EVoke CSMS Missing Authentication for Critical Function 26.06.2026 9.3
CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory 25.06.2026 9.3
CVE-2026-50549 Cursor Desktop sandbox escape via symlink and failed path canonicalization 25.06.2026 9.3
CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE) 25.06.2026 9.3
CVE-2026-54089 File Browser: Authentication Bypass via Proxy Auth Header Forgery 25.06.2026 9.1
CVE-2026-56786 RTKLIB 2.4.3 - Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message 25.06.2026 9.3
CVE-2026-57700 WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability 29.06.2026 10
CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution 25.06.2026 9.4
CVE-2026-56123 socat 1.8.0.0 - 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser 26.06.2026 9.2
CVE-2026-41120 26.06.2026 9.8
CVE-2026-54823 WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability 25.06.2026 9.9
CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability 25.06.2026 9.3
CVE-2026-54843 WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability 25.06.2026 9.3
CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability 25.06.2026 9.3
CVE-2026-41566 Apache Kvrocks: Improper permission for the APPLYBATCH command 25.06.2026 9.4
CVE-2026-46752 Apache Kvrocks: Stack buffer overflow in Lua bit.tohex() 25.06.2026 10
CVE-2026-53131 netfilter: require Ethernet MAC header before using eth_hdr() 29.06.2026 9.4
CVE-2026-53151 rxrpc: Fix the ACK parser to extract the SACK table for parsing 28.06.2026 9.8
CVE-2026-53175 inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush 30.06.2026 9.8
CVE-2026-53176 IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN 30.06.2026 9.8
CVE-2026-53186 RDMA/srp: bound SRP_RSP sense copy by the received length 28.06.2026 9.1
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use 28.06.2026 9.8
CVE-2026-53216 net: mvpp2: limit XDP frame size to the RX buffer 28.06.2026 9.8
CVE-2026-53221 ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() 28.06.2026 9.8
CVE-2026-53224 sctp: validate embedded INIT chunk and address list lengths in cookie 28.06.2026 9.1
CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup() 28.06.2026 9.1
CVE-2026-53228 ipv6: sit: reload inner IPv6 header after GSO offloads 28.06.2026 9.8
CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing 28.06.2026 9.8
CVE-2026-53247 net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown 28.06.2026 9.8
CVE-2026-53260 tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req(). 28.06.2026 9.8
CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses 26.06.2026 9.3
CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php 26.06.2026 9.8
CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image 26.06.2026 9.8
CVE-2026-39893 Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php 26.06.2026 9.8
CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content 25.06.2026 9.9
CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet() 25.06.2026 9.9
CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist 25.06.2026 9.2
CVE-2026-54158 SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML() 25.06.2026 9.9
CVE-2026-55454 Appsmith: Caddy admin API exposed without authentication 25.06.2026 9.9
CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch) 25.06.2026 9
CVE-2026-55666 Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth 29.06.2026 9.3
CVE-2026-33543 FOSSBilling: Authentication bypass allows unauthenticated administrator creation 25.06.2026 9.3
CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack 26.06.2026 9.1
CVE-2026-45689 Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO 26.06.2026 9.1
CVE-2026-46423 Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty 26.06.2026 9.3
CVE-2026-52811 Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym 26.06.2026 9
CVE-2026-52813 Gogs: Path Traversal in organization name results in RCE through Git hooks 26.06.2026 10
CVE-2026-52806 Gogs: RCE via git rebase --exec argument injection in pull request merge 26.06.2026 9.9
CVE-2026-49980 Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix 29.06.2026 9.8
CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header 24.06.2026 9.6
CVE-2026-52955 libceph: Fix potential out-of-bounds access in crush_decode() 30.06.2026 9.8
CVE-2026-52958 libceph: Fix potential out-of-bounds access in osdmap_decode() 28.06.2026 9.1
CVE-2026-52982 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() 28.06.2026 9.8
CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul 28.06.2026 9.8
CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers 30.06.2026 9.8
CVE-2026-52993 tipc: fix double-free in tipc_buf_append() 30.06.2026 9.8
CVE-2026-52999 netfilter: nfnetlink_osf: fix out-of-bounds read on option matching 28.06.2026 9.1
CVE-2026-53002 netfilter: conntrack: remove sprintf usage 30.06.2026 9.8
CVE-2026-53006 ipv6: fix possible UAF in icmpv6_rcv() 30.06.2026 9.8
CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect 28.06.2026 9.8
CVE-2026-53043 ocfs2/dlm: validate qr_numregions in dlm_match_regions() 28.06.2026 9.1
CVE-2026-53045 memory: tegra124-emc: Fix dll_change check 28.06.2026 9.8
CVE-2026-53046 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine 28.06.2026 9.8
CVE-2026-53049 gfs2: add some missing log locking 28.06.2026 9.8
CVE-2026-53055 crypto: hisilicon/sec2 - prevent req used-after-free for sec 28.06.2026 9.8
CVE-2026-53086 net: bcmgenet: fix racing timeout handler 28.06.2026 9.8
CVE-2026-53088 net: bcmgenet: fix off-by-one in bcmgenet_put_txcb 28.06.2026 9.8
CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization 30.06.2026 9.3
CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows 24.06.2026 10
CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user 24.06.2026 9.3
CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation 24.06.2026 9.3
CVE-2026-52914 batman-adv: fix fragment reassembly length accounting 28.06.2026 9.8
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling 30.06.2026 9.8
CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars 28.06.2026 9.8
CVE-2026-12416 Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter 25.06.2026 9.8
CVE-2026-12417 SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover 29.06.2026 9.8
CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command 24.06.2026 10
CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability 24.06.2026 9.1
CVE-2026-12846 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command 24.06.2026 10
CVE-2026-12847 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command 24.06.2026 10
CVE-2026-12848 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command 24.06.2026 10
CVE-2026-12849 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability 24.06.2026 9.1
CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability 24.06.2026 9.1
CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability 24.06.2026 9.1
CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction. 24.06.2026 9.6
CVE-2026-11807 Eda-server: websocket missing authorization allows credential theft via activation_id spoofing 29.06.2026 9.6
CVE-2026-53753 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API 23.06.2026 9.8
CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect 23.06.2026 9.6
CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy` 23.06.2026 9

Latest Updates

CVE Title Updated Score
CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt 30.06.2026 4.3
CVE-2026-44948 Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler 30.06.2026
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 30.06.2026 10
CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 10
CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 10
CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 10
CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 30.06.2026 10
CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918) 30.06.2026 8.6
CVE-2026-48286 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863) 30.06.2026 10
CVE-2026-48307 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) 30.06.2026 8.8
CVE-2026-48313 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 9.3
CVE-2026-48314 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 6.5
CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20) 30.06.2026 9.3
CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR) 30.06.2026 5
CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation 30.06.2026 4.8
CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure 30.06.2026 5
CVE-2026-27955 Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()` 30.06.2026 6.6
CVE-2026-27956 Coolify: Cross-team application domain enumeration via domains_by_server endpoint 30.06.2026 4.3
CVE-2026-27957 Coolify: Authenticated RCE via command injection in CA certificate management feature 30.06.2026 8.8
CVE-2026-44947 Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher 30.06.2026
CVE-2026-44949 Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook 30.06.2026
CVE-2026-48192 30.06.2026 5.4
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter 30.06.2026
CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files 30.06.2026
CVE-2026-14178 openGauss illegal memory access leads to DoS vulnerability 30.06.2026 5.9
CVE-2026-14241 Memory safety bugs fixed in Firefox 152.0.4 30.06.2026
CVE-2026-35095 Session fixation in KTM System e-BOK 30.06.2026
CVE-2026-35096 Cross-Site Request Forgery (CSRF) in KTM System e-BOK 30.06.2026
CVE-2026-35097 Weak Password Requirements in KTM System e-BOK 30.06.2026
CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK 30.06.2026
CVE-2026-10816 Arbitrary File Read (Unauthenticated) 30.06.2026
CVE-2026-10817 Insufficient input validation leading to memory overread 30.06.2026
CVE-2026-13474 Denial of service via malformed HTTP/2 requests 30.06.2026
CVE-2026-47105 30.06.2026
CVE-2026-58010 Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal() 30.06.2026
CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime 30.06.2026
CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char() 30.06.2026
CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" 30.06.2026
CVE-2026-58014 Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list" 30.06.2026
CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive 30.06.2026
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml" 30.06.2026
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path 30.06.2026
CVE-2026-58374 30.06.2026 6.5
CVE-2026-6556 @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins 30.06.2026 9.1
CVE-2026-8451 Insufficient input validation leading to memory overread 30.06.2026
CVE-2026-8452 Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service 30.06.2026
CVE-2026-8655 Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service 30.06.2026
CVE-2026-12388 Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper 30.06.2026
CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions 30.06.2026
CVE-2026-44946 SAML Authentication Replay in Rancher 30.06.2026
CVE-2026-4629 Keycloak: keycloak: privilege escalation through hardcoded role mapper injection 30.06.2026
CVE-2026-53432 Integer Overflow in fzf 30.06.2026
CVE-2026-53433 Denial of Service in fzf 30.06.2026
CVE-2026-8403 Stored XSS in Exagate's SYSGUARD 6001 30.06.2026 6.1
CVE-2026-13766 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers 30.06.2026
CVE-2026-14161 Advantech|Hospital Queuing Management - Sensitive Data Exposure 30.06.2026
CVE-2026-14162 Advantech|Hospital Queuing Management - Missing Authentication 30.06.2026
CVE-2026-41053 Over-inclusive team membership expansion in GitHub App authentication provider for Rancher 30.06.2026 8.8
CVE-2026-53690 SQL Injection in Redeight CMS 30.06.2026
CVE-2026-53691 Remote Code Execution in Redeight CMS 30.06.2026
CVE-2026-53692 Weak hashing algorithm in Redeight CMS 30.06.2026
CVE-2026-57079 Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata 30.06.2026
CVE-2026-57080 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix 30.06.2026
CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input 30.06.2026
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG 30.06.2026
CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001 30.06.2026 9.8
CVE-2026-13316 Foreman: SSRF to cloud metadata service through unvalidated test_url parameters in foreman config 30.06.2026
CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service 30.06.2026
CVE-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker 30.06.2026
CVE-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console 30.06.2026
CVE-2026-50734 Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation 30.06.2026
CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270 30.06.2026
CVE-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console 30.06.2026
CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec 30.06.2026
CVE-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling 30.06.2026
CVE-2026-54475 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover 30.06.2026
CVE-2025-24815 An unrestricted file upload vulnerability in Nokia MantaRay NM 30.06.2026
CVE-2025-24816 An Improper Access Control vulnerability in Nokia MantaRay NM 30.06.2026
CVE-2025-7406 A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM 30.06.2026
CVE-2026-10763 30.06.2026
CVE-2026-12076 SQL Injection in Raytha CMS 30.06.2026
CVE-2026-12610 Sssd: use-after-free crash in sssd's 'sssd_pam' process 30.06.2026
CVE-2026-13149 30.06.2026
CVE-2026-6953 Multiple vulnerabilities in Intermark IT's WebControl CMS 30.06.2026
CVE-2026-6954 Multiple vulnerabilities in Intermark IT's WebControl CMS 30.06.2026
CVE-2026-8141 Ajax Load More - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxonomy_include_children' Field 30.06.2026 7.2
CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter 30.06.2026 9.8
CVE-2026-12578 DTMSoft - Deserialization of Untrusted Data Vulnerability 30.06.2026
CVE-2026-45822 30.06.2026
CVE-2026-11581 Kali Forms < 2.4.13 - Contributor+ Stored XSS via Form Field Caption 30.06.2026
CVE-2026-11589 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload 30.06.2026
CVE-2026-11590 WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys 30.06.2026
CVE-2026-12240 Export User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name Field 30.06.2026 8
CVE-2026-12818 DVP-12SE Exposure of Sensitive Information Vulnerability 30.06.2026
CVE-2026-12819 DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability 30.06.2026
CVE-2026-14164 Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack() 30.06.2026
CVE-2026-56137 30.06.2026
CVE-2026-56808 30.06.2026
CVE-2026-56809 30.06.2026
CVE-2026-9576 Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee Export 30.06.2026
CVE-2026-11367 PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter 30.06.2026 6.5
CVE-2026-12073 ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite 30.06.2026 9.8
CVE-2026-12349 Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actions 30.06.2026 5.3
CVE-2026-12560 Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field 30.06.2026 4.4
CVE-2026-8944 Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter 30.06.2026 4.3
CVE-2026-12114 Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter 30.06.2026 4.4
CVE-2026-14160 30.06.2026 5.9
CVE-2026-58302 30.06.2026 8.4
CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load() 30.06.2026
CVE-2026-10648 NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion 30.06.2026 6.2
CVE-2026-51218 30.06.2026
CVE-2026-51219 30.06.2026
CVE-2026-7656 Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack 30.06.2026 8.1
CVE-2026-8023 Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read 30.06.2026 7.5
CVE-2026-10647 Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure 30.06.2026 5.3
CVE-2026-34592 Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure 30.06.2026 7.7
CVE-2026-51221 30.06.2026
CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration 30.06.2026
CVE-2026-13758 CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path 30.06.2026
CVE-2026-34594 Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management 29.06.2026 8.8
CVE-2026-34597 Coolify: Authenticated Host RCE 30.06.2026 8.8
CVE-2026-41896 Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret 30.06.2026 7.5
CVE-2026-50229 Apache Tomcat: XSS in number guess example 30.06.2026
CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve 30.06.2026
CVE-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector 30.06.2026
CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete 30.06.2026
CVE-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks 30.06.2026
CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method 30.06.2026
CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind 30.06.2026
CVE-2026-13593 CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away 29.06.2026
CVE-2026-13762 HTTP/2 Stream Parser Confusion Body-Inspection Bypass in Amazon CloudFront with AWS WAF 29.06.2026 9.8
CVE-2026-13763 HTTP/2 Stream Parser Confusion Body-Inspection Bypass in AWS Application Load Balancer with AWS WAF 29.06.2026 9.8
CVE-2026-28979 29.06.2026
CVE-2026-31016 29.06.2026
CVE-2026-37637 29.06.2026
CVE-2026-39868 30.06.2026
CVE-2026-39872 29.06.2026
CVE-2026-43663 29.06.2026
CVE-2026-43676 29.06.2026
CVE-2026-43699 29.06.2026
CVE-2026-43700 29.06.2026
CVE-2026-43701 30.06.2026
CVE-2026-43703 29.06.2026
CVE-2026-43704 29.06.2026
CVE-2026-43705 30.06.2026
CVE-2026-43706 29.06.2026
CVE-2026-43707 30.06.2026
CVE-2026-43708 29.06.2026
CVE-2026-43709 29.06.2026
CVE-2026-43712 29.06.2026
CVE-2026-43713 30.06.2026
CVE-2026-43715 30.06.2026
CVE-2026-43716 29.06.2026
CVE-2026-43717 29.06.2026
CVE-2026-43718 29.06.2026
CVE-2026-43720 29.06.2026
CVE-2026-43721 30.06.2026
CVE-2026-43722 30.06.2026
CVE-2026-43724 30.06.2026
CVE-2026-43725 29.06.2026
CVE-2026-43726 29.06.2026
CVE-2026-43727 29.06.2026
CVE-2026-43731 30.06.2026
CVE-2026-43732 29.06.2026
CVE-2026-43734 29.06.2026
CVE-2026-43735 30.06.2026
CVE-2026-43740 29.06.2026
CVE-2026-43742 29.06.2026
CVE-2026-43743 29.06.2026
CVE-2026-43745 29.06.2026
CVE-2026-43746 29.06.2026
CVE-2026-56017 JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash 29.06.2026
CVE-2026-56018 JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth 29.06.2026
CVE-2026-57498 Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers 29.06.2026 9.6
CVE-2026-57919 29.06.2026 7.8
CVE-2026-13008 29.06.2026
CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx 30.06.2026
CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service 30.06.2026
CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex 30.06.2026
CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS) 30.06.2026
CVE-2026-13757 P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing 29.06.2026
CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute 30.06.2026
CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex 30.06.2026
CVE-2026-57999 luci-app-tailscale-community - Command Injection via tailscale.do_login RPC 30.06.2026
CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey 30.06.2026
CVE-2026-11720 Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder 29.06.2026
CVE-2026-13592 liftoff-sr CIPster EtherNet IP Message append out-of-bounds write 29.06.2026
CVE-2026-36848 29.06.2026
CVE-2026-56780 Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API 29.06.2026
CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override 30.06.2026
CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints 30.06.2026
CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API 30.06.2026
CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header 30.06.2026
CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint 30.06.2026
CVE-2026-57945 PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint 29.06.2026
CVE-2026-57946 Invidious - Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint 29.06.2026
CVE-2026-57947 Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration 30.06.2026
CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt 30.06.2026
CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint 30.06.2026
CVE-2026-57950 ruoyi-vue-pro - Incorrect Permission Namespace in ErpSaleOrderController 29.06.2026
CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table 29.06.2026
CVE-2026-57952 Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID 29.06.2026
CVE-2026-57953 Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint 29.06.2026
CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation 30.06.2026
CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter 29.06.2026
CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules 29.06.2026
CVE-2026-57957 Papermark 0.22.0 - CORS Misconfiguration in Viewer Upload Endpoint 30.06.2026
CVE-2026-57958 Mixpost 2.6.0 - Reflected XSS via OAuth Callback Error Parameter 29.06.2026
CVE-2026-57959 Hi.Events 1.9.0 - Promo Code Max-Usage Bypass via Asynchronous Job Race Condition 29.06.2026
CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id 30.06.2026