Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2025-64636 MEDIUM 5.3 Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. Jun 26, 2026
CVE-2025-63079 MEDIUM 4.3 Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. Jun 26, 2026
CVE-2025-63078 MEDIUM 4.3 Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. Jun 26, 2026
CVE-2025-63041 MEDIUM 5.4 Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. Jun 26, 2026
CVE-2026-57940 UNKNOWN HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to … Jun 26, 2026
CVE-2026-57926 LOW 2.6 In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack Jun 26, 2026
CVE-2026-57925 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags Jun 26, 2026
CVE-2026-57924 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details Jun 26, 2026
CVE-2026-57923 MEDIUM 5.3 In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings Jun 26, 2026
CVE-2026-57922 LOW 3.1 In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible Jun 26, 2026
CVE-2026-57921 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint Jun 26, 2026
CVE-2026-53914 MEDIUM 6.7 In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata Jun 26, 2026
CVE-2026-13426 MEDIUM 5.4 The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API … Jun 26, 2026
CVE-2026-57920 HIGH 7.7 Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. Jun 26, 2026
CVE-2026-57915 HIGH 7.3 It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended … Jun 26, 2026
CVE-2026-40711 HIGH 8.0 Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS … Jun 26, 2026
CVE-2025-64152 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from … Jun 26, 2026
CVE-2025-55017 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from … Jun 26, 2026
CVE-2026-57914 MEDIUM 6.5 By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to … Jun 26, 2026
CVE-2026-57620 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons … Jun 26, 2026
CVE-2026-57918 HIGH 7.1 libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when … Jun 26, 2026
CVE-2026-57913 HIGH 7.5 Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. Jun 26, 2026
CVE-2026-57912 HIGH 7.5 Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. Jun 26, 2026
CVE-2026-57473 UNKNOWN A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the … Jun 26, 2026
CVE-2026-13325 HIGH 8.5 A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain … Jun 26, 2026