Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21880
Total
1559
Critical
6647
High
6994
Medium
CVE ID Severity Score Description Published
CVE-2026-49293 HIGH 7.5 js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / … Jun 19, 2026
CVE-2026-49291 HIGH 8.1 mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope … Jun 19, 2026
CVE-2026-49288 MEDIUM 4.3 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and … Jun 19, 2026
CVE-2026-27878 MEDIUM 6.5 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting … Jun 19, 2026
CVE-2026-12726 MEDIUM 6.3 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload … Jun 19, 2026
CVE-2026-12238 MEDIUM 5.3 The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. … Jun 19, 2026
CVE-2023-54357 HIGH 7.5 Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer … Jun 19, 2026
CVE-2026-49359 MEDIUM 6.5 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option … Jun 19, 2026
CVE-2026-49290 UNKNOWN Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive … Jun 19, 2026
CVE-2026-49287 HIGH 7.4 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the … Jun 19, 2026
CVE-2026-49286 HIGH 8.1 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against … Jun 19, 2026
CVE-2026-49271 MEDIUM 6.5 libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using … Jun 19, 2026
CVE-2019-25762 HIGH 7.5 Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can … Jun 19, 2026
CVE-2019-25761 HIGH 7.1 Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id … Jun 19, 2026
CVE-2019-25760 MEDIUM 6.2 Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers … Jun 19, 2026
CVE-2019-25759 HIGH 7.1 Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid … Jun 19, 2026
CVE-2019-25758 HIGH 8.8 Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the … Jun 19, 2026
CVE-2019-25757 HIGH 7.1 Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and … Jun 19, 2026
CVE-2019-25756 HIGH 8.2 Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid … Jun 19, 2026
CVE-2019-25755 HIGH 8.2 Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId … Jun 19, 2026
CVE-2019-25754 HIGH 8.2 Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch … Jun 19, 2026
CVE-2019-25753 HIGH 8.2 Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound … Jun 19, 2026
CVE-2019-25752 HIGH 8.2 Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type … Jun 19, 2026
CVE-2019-25751 HIGH 8.2 Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. … Jun 19, 2026
CVE-2019-25750 HIGH 8.2 Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id … Jun 19, 2026