Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21246
Total
1526
Critical
6466
High
6753
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-62198 | UNKNOWN | — | An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes … | Jun 22, 2026 |
| CVE-2026-8157 | UNKNOWN | — | The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST … | Jun 22, 2026 |
| CVE-2026-7859 | UNKNOWN | — | The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify … | Jun 22, 2026 |
| CVE-2026-6858 | UNKNOWN | — | The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against … | Jun 22, 2026 |
| CVE-2026-4259 | UNKNOWN | — | The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … | Jun 22, 2026 |
| CVE-2026-4110 | UNKNOWN | — | The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … | Jun 22, 2026 |
| CVE-2026-10530 | UNKNOWN | — | The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a … | Jun 22, 2026 |
| CVE-2026-6645 | UNKNOWN | — | An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level … | Jun 22, 2026 |
| CVE-2026-8918 | UNKNOWN | — | A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash … | Jun 22, 2026 |
| CVE-2026-11748 | UNKNOWN | — | A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing … | Jun 22, 2026 |
| CVE-2026-11746 | UNKNOWN | — | A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back … | Jun 22, 2026 |
| CVE-2026-11745 | UNKNOWN | — | A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// … | Jun 22, 2026 |
| CVE-2026-12823 | LOW | 3.3 | A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation … | Jun 22, 2026 |
| CVE-2026-12822 | MEDIUM | 5.3 | A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to … | Jun 22, 2026 |
| CVE-2026-12821 | MEDIUM | 6.3 | A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 … | Jun 22, 2026 |
| CVE-2026-12815 | MEDIUM | 6.3 | A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os … | Jun 22, 2026 |
| CVE-2026-12845 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Jun 21, 2026 |
| CVE-2026-12814 | MEDIUM | 6.3 | A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component … | Jun 21, 2026 |
| CVE-2026-12813 | MEDIUM | 6.3 | A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. … | Jun 21, 2026 |
| CVE-2026-12812 | LOW | 3.5 | A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The … | Jun 21, 2026 |
| CVE-2026-12811 | MEDIUM | 4.3 | A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the … | Jun 21, 2026 |
| CVE-2026-12810 | MEDIUM | 6.3 | A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the … | Jun 21, 2026 |
| CVE-2026-12809 | MEDIUM | 6.3 | A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such … | Jun 21, 2026 |
| CVE-2026-12808 | MEDIUM | 6.3 | A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This … | Jun 21, 2026 |
| CVE-2026-12807 | MEDIUM | 6.3 | A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The … | Jun 21, 2026 |