Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21246
Total
1526
Critical
6466
High
6753
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56225 | HIGH | 8.3 | Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a … | Jun 23, 2026 |
| CVE-2026-56222 | HIGH | 7.2 | Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with … | Jun 23, 2026 |
| CVE-2026-54892 | UNKNOWN | — | Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded … | Jun 23, 2026 |
| CVE-2026-4610 | MEDIUM | 6.4 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function … | Jun 23, 2026 |
| CVE-2026-44089 | UNKNOWN | — | Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to … | Jun 23, 2026 |
| CVE-2026-10857 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. … | Jun 23, 2026 |
| CVE-2026-10711 | HIGH | 8.8 | Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. … | Jun 23, 2026 |
| CVE-2025-71376 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary … | Jun 23, 2026 |
| CVE-2025-71370 | HIGH | 8.1 | picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and … | Jun 23, 2026 |
| CVE-2025-71365 | HIGH | 8.1 | picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary … | Jun 23, 2026 |
| CVE-2025-71341 | HIGH | 8.1 | picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious … | Jun 23, 2026 |
| CVE-2025-71337 | HIGH | 8.3 | Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as … | Jun 23, 2026 |
| CVE-2023-54365 | HIGH | 7.5 | Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / … | Jun 23, 2026 |
| CVE-2026-4983 | MEDIUM | 4.1 | Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such … | Jun 23, 2026 |
| CVE-2026-11374 | CRITICAL | 9.0 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an … | Jun 23, 2026 |
| CVE-2026-9733 | CRITICAL | 9.1 | Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to … | Jun 23, 2026 |
| CVE-2026-10521 | HIGH | 7.2 | An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This … | Jun 23, 2026 |
| CVE-2026-8379 | HIGH | 7.5 | The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to … | Jun 23, 2026 |
| CVE-2026-8378 | MEDIUM | 5.4 | The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it … | Jun 23, 2026 |
| CVE-2026-8172 | HIGH | 7.1 | The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, … | Jun 23, 2026 |
| CVE-2026-8163 | HIGH | 8.8 | The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL … | Jun 23, 2026 |
| CVE-2026-7842 | MEDIUM | 6.8 | The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), … | Jun 23, 2026 |
| CVE-2026-12866 | CRITICAL | 9.8 | All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions … | Jun 23, 2026 |
| CVE-2026-55655 | MEDIUM | 5.0 | A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by … | Jun 23, 2026 |
| CVE-2026-55654 | LOW | 3.7 | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators … | Jun 23, 2026 |