Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20714
Total
1493
Critical
6288
High
6559
Medium
CVE ID Severity Score Description Published
CVE-2025-7958 UNKNOWN A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface … Jun 26, 2026
CVE-2026-6658 MEDIUM 5.4 A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders … Jun 26, 2026
CVE-2026-1869 MEDIUM 6.5 The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is … Jun 26, 2026
CVE-2026-11702 HIGH 7.5 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the … Jun 26, 2026
CVE-2026-11625 HIGH 7.5 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is … Jun 26, 2026
CVE-2026-57881 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation … Jun 26, 2026
CVE-2026-57880 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57879 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57878 CRITICAL 9.8 An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking … Jun 26, 2026
CVE-2026-57877 HIGH 8.6 An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally … Jun 26, 2026
CVE-2026-57876 HIGH 7.5 An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when … Jun 26, 2026
CVE-2026-57875 HIGH 7.5 An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. … Jun 26, 2026
CVE-2026-57874 HIGH 7.5 An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when … Jun 26, 2026
CVE-2026-57873 HIGH 7.5 An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of … Jun 26, 2026
CVE-2026-57872 HIGH 7.5 An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied … Jun 26, 2026
CVE-2026-49486 HIGH 7.5 The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was … Jun 26, 2026
CVE-2026-2053 HIGH 8.3 The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows … Jun 26, 2026
CVE-2026-8380 MEDIUM 6.5 The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with … Jun 26, 2026
CVE-2026-10835 HIGH 7.7 The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using … Jun 26, 2026
CVE-2026-10823 HIGH 7.5 The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied … Jun 26, 2026
CVE-2025-10268 MEDIUM 5.3 The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker … Jun 26, 2026
CVE-2026-8797 UNKNOWN An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed … Jun 26, 2026
CVE-2026-8661 MEDIUM 4.8 Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote … Jun 26, 2026
CVE-2026-50745 MEDIUM 4.7 A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, … Jun 26, 2026
CVE-2026-50744 MEDIUM 4.3 A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID … Jun 26, 2026