Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21880
Total
1559
Critical
6647
High
6994
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49293 | HIGH | 7.5 | js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / … | Jun 19, 2026 |
| CVE-2026-49291 | HIGH | 8.1 | mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope … | Jun 19, 2026 |
| CVE-2026-49288 | MEDIUM | 4.3 | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and … | Jun 19, 2026 |
| CVE-2026-27878 | MEDIUM | 6.5 | A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting … | Jun 19, 2026 |
| CVE-2026-12726 | MEDIUM | 6.3 | A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload … | Jun 19, 2026 |
| CVE-2026-12238 | MEDIUM | 5.3 | The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. … | Jun 19, 2026 |
| CVE-2023-54357 | HIGH | 7.5 | Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer … | Jun 19, 2026 |
| CVE-2026-49359 | MEDIUM | 6.5 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option … | Jun 19, 2026 |
| CVE-2026-49290 | UNKNOWN | — | Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive … | Jun 19, 2026 |
| CVE-2026-49287 | HIGH | 7.4 | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the … | Jun 19, 2026 |
| CVE-2026-49286 | HIGH | 8.1 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against … | Jun 19, 2026 |
| CVE-2026-49271 | MEDIUM | 6.5 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using … | Jun 19, 2026 |
| CVE-2019-25762 | HIGH | 7.5 | Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can … | Jun 19, 2026 |
| CVE-2019-25761 | HIGH | 7.1 | Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id … | Jun 19, 2026 |
| CVE-2019-25760 | MEDIUM | 6.2 | Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers … | Jun 19, 2026 |
| CVE-2019-25759 | HIGH | 7.1 | Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid … | Jun 19, 2026 |
| CVE-2019-25758 | HIGH | 8.8 | Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the … | Jun 19, 2026 |
| CVE-2019-25757 | HIGH | 7.1 | Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and … | Jun 19, 2026 |
| CVE-2019-25756 | HIGH | 8.2 | Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid … | Jun 19, 2026 |
| CVE-2019-25755 | HIGH | 8.2 | Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId … | Jun 19, 2026 |
| CVE-2019-25754 | HIGH | 8.2 | Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch … | Jun 19, 2026 |
| CVE-2019-25753 | HIGH | 8.2 | Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound … | Jun 19, 2026 |
| CVE-2019-25752 | HIGH | 8.2 | Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type … | Jun 19, 2026 |
| CVE-2019-25751 | HIGH | 8.2 | Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. … | Jun 19, 2026 |
| CVE-2019-25750 | HIGH | 8.2 | Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id … | Jun 19, 2026 |