Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21903
Total
1562
Critical
6654
High
7000
Medium
CVE ID Severity Score Description Published
CVE-2026-6933 HIGH 8.8 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is … Jun 16, 2026
CVE-2026-5149 MEDIUM 6.5 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX … Jun 16, 2026
CVE-2026-50255 MEDIUM 6.7 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed … Jun 16, 2026
CVE-2026-10780 MEDIUM 4.3 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to … Jun 16, 2026
CVE-2026-10635 MEDIUM 6.3 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded … Jun 16, 2026
CVE-2025-10262 MEDIUM 6.3 Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user … Jun 16, 2026
CVE-2026-6964 MEDIUM 5.3 The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to … Jun 16, 2026
CVE-2026-7273 HIGH 8.8 A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the … Jun 16, 2026
CVE-2026-42014 MEDIUM 6.6 A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when … Jun 16, 2026
CVE-2026-1767 MEDIUM 5.6 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow … Jun 16, 2026
CVE-2026-1766 MEDIUM 5.6 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when … Jun 16, 2026
CVE-2026-1765 MEDIUM 5.6 A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially … Jun 16, 2026
CVE-2026-1764 MEDIUM 5.6 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds … Jun 16, 2026
CVE-2026-12162 MEDIUM 5.5 Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via … Jun 16, 2026
CVE-2026-12161 HIGH 8.8 Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify … Jun 16, 2026
CVE-2026-9262 MEDIUM 6.5 Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier Jun 16, 2026
CVE-2026-9261 MEDIUM 6.8 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier Jun 16, 2026
CVE-2026-9260 MEDIUM 6.2 Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier Jun 16, 2026
CVE-2026-9259 MEDIUM 6.5 Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier Jun 16, 2026
CVE-2026-9258 MEDIUM 6.5 Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier Jun 16, 2026
CVE-2026-53430 UNKNOWN Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. … Jun 15, 2026
CVE-2026-48854 UNKNOWN Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming … Jun 15, 2026
CVE-2026-48853 UNKNOWN Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via … Jun 15, 2026
CVE-2026-48723 HIGH 7.8 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via … Jun 15, 2026
CVE-2026-48599 UNKNOWN Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting … Jun 15, 2026