Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20896
Total
1510
Critical
6356
High
6618
Medium
CVE ID Severity Score Description Published
CVE-2026-55488 UNKNOWN motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to … Jun 24, 2026
CVE-2026-50712 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component Jun 24, 2026
CVE-2026-50711 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. Jun 24, 2026
CVE-2026-50710 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. Jun 24, 2026
CVE-2026-50709 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. Jun 24, 2026
CVE-2026-50708 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component. Jun 24, 2026
CVE-2026-50705 UNKNOWN A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. Jun 24, 2026
CVE-2026-50704 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. Jun 24, 2026
CVE-2026-50703 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. Jun 24, 2026
CVE-2026-50701 UNKNOWN A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component. Jun 24, 2026
CVE-2026-50700 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. Jun 24, 2026
CVE-2026-49269 HIGH 8.6 Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader … Jun 24, 2026
CVE-2026-50699 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in … Jun 24, 2026
CVE-2026-50698 UNKNOWN A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the … Jun 24, 2026
CVE-2026-12986 UNKNOWN A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to … Jun 24, 2026
CVE-2026-11878 UNKNOWN Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from … Jun 24, 2026
CVE-2026-11877 UNKNOWN An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. Jun 24, 2026
CVE-2026-57307 MEDIUM 4.2 A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified … Jun 24, 2026
CVE-2026-57306 MEDIUM 4.2 A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials … Jun 24, 2026
CVE-2026-57305 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username … Jun 24, 2026
CVE-2026-57304 MEDIUM 5.4 A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified … Jun 24, 2026
CVE-2026-57303 HIGH 7.1 Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the … Jun 24, 2026
CVE-2026-57302 MEDIUM 4.3 Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with … Jun 24, 2026
CVE-2026-57301 HIGH 8.8 Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to … Jun 24, 2026
CVE-2026-57300 MEDIUM 4.3 A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs … Jun 24, 2026