Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21246
Total
1526
Critical
6466
High
6753
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49287 | HIGH | 7.4 | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the … | Jun 19, 2026 |
| CVE-2026-49286 | HIGH | 8.1 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against … | Jun 19, 2026 |
| CVE-2026-49271 | MEDIUM | 6.5 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using … | Jun 19, 2026 |
| CVE-2019-25762 | HIGH | 7.5 | Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can … | Jun 19, 2026 |
| CVE-2019-25761 | HIGH | 7.1 | Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id … | Jun 19, 2026 |
| CVE-2019-25760 | MEDIUM | 6.2 | Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers … | Jun 19, 2026 |
| CVE-2019-25759 | HIGH | 7.1 | Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid … | Jun 19, 2026 |
| CVE-2019-25758 | HIGH | 8.8 | Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the … | Jun 19, 2026 |
| CVE-2019-25757 | HIGH | 7.1 | Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and … | Jun 19, 2026 |
| CVE-2019-25756 | HIGH | 8.2 | Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid … | Jun 19, 2026 |
| CVE-2019-25755 | HIGH | 8.2 | Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId … | Jun 19, 2026 |
| CVE-2019-25754 | HIGH | 8.2 | Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch … | Jun 19, 2026 |
| CVE-2019-25753 | HIGH | 8.2 | Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound … | Jun 19, 2026 |
| CVE-2019-25752 | HIGH | 8.2 | Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type … | Jun 19, 2026 |
| CVE-2019-25751 | HIGH | 8.2 | Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. … | Jun 19, 2026 |
| CVE-2019-25750 | HIGH | 8.2 | Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id … | Jun 19, 2026 |
| CVE-2019-25749 | HIGH | 7.1 | Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. … | Jun 19, 2026 |
| CVE-2026-56211 | HIGH | 7.1 | A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) … | Jun 19, 2026 |
| CVE-2026-56210 | HIGH | 7.1 | A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID … | Jun 19, 2026 |
| CVE-2026-56209 | HIGH | 7.1 | An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer … | Jun 19, 2026 |
| CVE-2026-56208 | HIGH | 7.6 | A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes … | Jun 19, 2026 |
| CVE-2026-51846 | UNKNOWN | — | In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution. | Jun 19, 2026 |
| CVE-2026-51845 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter. | Jun 19, 2026 |
| CVE-2026-51844 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter. | Jun 19, 2026 |
| CVE-2026-51843 | UNKNOWN | — | Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter. | Jun 19, 2026 |