Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21246
Total
1526
Critical
6466
High
6753
Medium
CVE ID Severity Score Description Published
CVE-2025-62198 UNKNOWN An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes … Jun 22, 2026
CVE-2026-8157 UNKNOWN The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST … Jun 22, 2026
CVE-2026-7859 UNKNOWN The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify … Jun 22, 2026
CVE-2026-6858 UNKNOWN The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against … Jun 22, 2026
CVE-2026-4259 UNKNOWN The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … Jun 22, 2026
CVE-2026-4110 UNKNOWN The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site … Jun 22, 2026
CVE-2026-10530 UNKNOWN The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a … Jun 22, 2026
CVE-2026-6645 UNKNOWN An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level … Jun 22, 2026
CVE-2026-8918 UNKNOWN A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash … Jun 22, 2026
CVE-2026-11748 UNKNOWN A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing … Jun 22, 2026
CVE-2026-11746 UNKNOWN A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back … Jun 22, 2026
CVE-2026-11745 UNKNOWN A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// … Jun 22, 2026
CVE-2026-12823 LOW 3.3 A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation … Jun 22, 2026
CVE-2026-12822 MEDIUM 5.3 A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to … Jun 22, 2026
CVE-2026-12821 MEDIUM 6.3 A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 … Jun 22, 2026
CVE-2026-12815 MEDIUM 6.3 A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os … Jun 22, 2026
CVE-2026-12845 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … Jun 21, 2026
CVE-2026-12814 MEDIUM 6.3 A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component … Jun 21, 2026
CVE-2026-12813 MEDIUM 6.3 A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. … Jun 21, 2026
CVE-2026-12812 LOW 3.5 A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The … Jun 21, 2026
CVE-2026-12811 MEDIUM 4.3 A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the … Jun 21, 2026
CVE-2026-12810 MEDIUM 6.3 A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the … Jun 21, 2026
CVE-2026-12809 MEDIUM 6.3 A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such … Jun 21, 2026
CVE-2026-12808 MEDIUM 6.3 A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This … Jun 21, 2026
CVE-2026-12807 MEDIUM 6.3 A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The … Jun 21, 2026