Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21195
Total
1522
Critical
6451
High
6729
Medium
CVE ID Severity Score Description Published
CVE-2026-56222 HIGH 7.2 Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with … Jun 23, 2026
CVE-2026-54892 UNKNOWN Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded … Jun 23, 2026
CVE-2026-4610 MEDIUM 6.4 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function … Jun 23, 2026
CVE-2026-44089 UNKNOWN Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to … Jun 23, 2026
CVE-2026-10857 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. … Jun 23, 2026
CVE-2026-10711 HIGH 8.8 Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. … Jun 23, 2026
CVE-2025-71376 HIGH 8.1 picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary … Jun 23, 2026
CVE-2025-71370 HIGH 8.1 picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and … Jun 23, 2026
CVE-2025-71365 HIGH 8.1 picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary … Jun 23, 2026
CVE-2025-71341 HIGH 8.1 picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious … Jun 23, 2026
CVE-2025-71337 HIGH 8.3 Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as … Jun 23, 2026
CVE-2023-54365 HIGH 7.5 Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / … Jun 23, 2026
CVE-2026-4983 MEDIUM 4.1 Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such … Jun 23, 2026
CVE-2026-11374 CRITICAL 9.0 In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an … Jun 23, 2026
CVE-2026-9733 CRITICAL 9.1 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to … Jun 23, 2026
CVE-2026-10521 HIGH 7.2 An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This … Jun 23, 2026
CVE-2026-8379 HIGH 7.5 The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to … Jun 23, 2026
CVE-2026-8378 MEDIUM 5.4 The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it … Jun 23, 2026
CVE-2026-8172 HIGH 7.1 The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, … Jun 23, 2026
CVE-2026-8163 HIGH 8.8 The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL … Jun 23, 2026
CVE-2026-7842 MEDIUM 6.8 The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), … Jun 23, 2026
CVE-2026-12866 CRITICAL 9.8 All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions … Jun 23, 2026
CVE-2026-55655 MEDIUM 5.0 A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by … Jun 23, 2026
CVE-2026-55654 LOW 3.7 A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators … Jun 23, 2026
CVE-2026-55653 MEDIUM 4.3 A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This … Jun 23, 2026