Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20714
Total
1493
Critical
6288
High
6559
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-7958 | UNKNOWN | — | A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface … | Jun 26, 2026 |
| CVE-2026-6658 | MEDIUM | 5.4 | A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders … | Jun 26, 2026 |
| CVE-2026-1869 | MEDIUM | 6.5 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is … | Jun 26, 2026 |
| CVE-2026-11702 | HIGH | 7.5 | Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the … | Jun 26, 2026 |
| CVE-2026-11625 | HIGH | 7.5 | Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is … | Jun 26, 2026 |
| CVE-2026-57881 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation … | Jun 26, 2026 |
| CVE-2026-57880 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57879 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57878 | CRITICAL | 9.8 | An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … | Jun 26, 2026 |
| CVE-2026-57877 | HIGH | 8.6 | An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally … | Jun 26, 2026 |
| CVE-2026-57876 | HIGH | 7.5 | An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when … | Jun 26, 2026 |
| CVE-2026-57875 | HIGH | 7.5 | An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. … | Jun 26, 2026 |
| CVE-2026-57874 | HIGH | 7.5 | An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when … | Jun 26, 2026 |
| CVE-2026-57873 | HIGH | 7.5 | An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of … | Jun 26, 2026 |
| CVE-2026-57872 | HIGH | 7.5 | An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied … | Jun 26, 2026 |
| CVE-2026-49486 | HIGH | 7.5 | The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was … | Jun 26, 2026 |
| CVE-2026-2053 | HIGH | 8.3 | The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows … | Jun 26, 2026 |
| CVE-2026-8380 | MEDIUM | 6.5 | The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with … | Jun 26, 2026 |
| CVE-2026-10835 | HIGH | 7.7 | The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using … | Jun 26, 2026 |
| CVE-2026-10823 | HIGH | 7.5 | The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied … | Jun 26, 2026 |
| CVE-2025-10268 | MEDIUM | 5.3 | The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker … | Jun 26, 2026 |
| CVE-2026-8797 | UNKNOWN | — | An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed … | Jun 26, 2026 |
| CVE-2026-8661 | MEDIUM | 4.8 | Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote … | Jun 26, 2026 |
| CVE-2026-50745 | MEDIUM | 4.7 | A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, … | Jun 26, 2026 |
| CVE-2026-50744 | MEDIUM | 4.3 | A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID … | Jun 26, 2026 |