Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20896
Total
1510
Critical
6356
High
6618
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55488 | UNKNOWN | — | motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to … | Jun 24, 2026 |
| CVE-2026-50712 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component | Jun 24, 2026 |
| CVE-2026-50711 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. | Jun 24, 2026 |
| CVE-2026-50710 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. | Jun 24, 2026 |
| CVE-2026-50709 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. | Jun 24, 2026 |
| CVE-2026-50708 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component. | Jun 24, 2026 |
| CVE-2026-50705 | UNKNOWN | — | A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. | Jun 24, 2026 |
| CVE-2026-50704 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. | Jun 24, 2026 |
| CVE-2026-50703 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. | Jun 24, 2026 |
| CVE-2026-50701 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component. | Jun 24, 2026 |
| CVE-2026-50700 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. | Jun 24, 2026 |
| CVE-2026-49269 | HIGH | 8.6 | Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader … | Jun 24, 2026 |
| CVE-2026-50699 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in … | Jun 24, 2026 |
| CVE-2026-50698 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the … | Jun 24, 2026 |
| CVE-2026-12986 | UNKNOWN | — | A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to … | Jun 24, 2026 |
| CVE-2026-11878 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from … | Jun 24, 2026 |
| CVE-2026-11877 | UNKNOWN | — | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. | Jun 24, 2026 |
| CVE-2026-57307 | MEDIUM | 4.2 | A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … | Jun 24, 2026 |
| CVE-2026-57306 | MEDIUM | 4.2 | A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … | Jun 24, 2026 |
| CVE-2026-57305 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username … | Jun 24, 2026 |
| CVE-2026-57304 | MEDIUM | 5.4 | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified … | Jun 24, 2026 |
| CVE-2026-57303 | HIGH | 7.1 | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the … | Jun 24, 2026 |
| CVE-2026-57302 | MEDIUM | 4.3 | Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with … | Jun 24, 2026 |
| CVE-2026-57301 | HIGH | 8.8 | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to … | Jun 24, 2026 |
| CVE-2026-57300 | MEDIUM | 4.3 | A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs … | Jun 24, 2026 |