Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20714
Total
1493
Critical
6288
High
6559
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-64636 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | Jun 26, 2026 |
| CVE-2025-63079 | MEDIUM | 4.3 | Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | Jun 26, 2026 |
| CVE-2025-63078 | MEDIUM | 4.3 | Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | Jun 26, 2026 |
| CVE-2025-63041 | MEDIUM | 5.4 | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | Jun 26, 2026 |
| CVE-2026-57940 | UNKNOWN | — | HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to … | Jun 26, 2026 |
| CVE-2026-57926 | LOW | 2.6 | In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack | Jun 26, 2026 |
| CVE-2026-57925 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | Jun 26, 2026 |
| CVE-2026-57924 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | Jun 26, 2026 |
| CVE-2026-57923 | MEDIUM | 5.3 | In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings | Jun 26, 2026 |
| CVE-2026-57922 | LOW | 3.1 | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | Jun 26, 2026 |
| CVE-2026-57921 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint | Jun 26, 2026 |
| CVE-2026-53914 | MEDIUM | 6.7 | In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | Jun 26, 2026 |
| CVE-2026-13426 | MEDIUM | 5.4 | The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API … | Jun 26, 2026 |
| CVE-2026-57920 | HIGH | 7.7 | Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. | Jun 26, 2026 |
| CVE-2026-57915 | HIGH | 7.3 | It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended … | Jun 26, 2026 |
| CVE-2026-40711 | HIGH | 8.0 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS … | Jun 26, 2026 |
| CVE-2025-64152 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from … | Jun 26, 2026 |
| CVE-2025-55017 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from … | Jun 26, 2026 |
| CVE-2026-57914 | MEDIUM | 6.5 | By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to … | Jun 26, 2026 |
| CVE-2026-57620 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons … | Jun 26, 2026 |
| CVE-2026-57918 | HIGH | 7.1 | libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when … | Jun 26, 2026 |
| CVE-2026-57913 | HIGH | 7.5 | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | Jun 26, 2026 |
| CVE-2026-57912 | HIGH | 7.5 | Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | Jun 26, 2026 |
| CVE-2026-57473 | UNKNOWN | — | A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the … | Jun 26, 2026 |
| CVE-2026-13325 | HIGH | 8.5 | A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain … | Jun 26, 2026 |