Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6933 | HIGH | 8.8 | The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is … | Jun 16, 2026 |
| CVE-2026-5149 | MEDIUM | 6.5 | The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX … | Jun 16, 2026 |
| CVE-2026-50255 | MEDIUM | 6.7 | Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed … | Jun 16, 2026 |
| CVE-2026-10780 | MEDIUM | 4.3 | The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to … | Jun 16, 2026 |
| CVE-2026-10635 | MEDIUM | 6.3 | On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded … | Jun 16, 2026 |
| CVE-2025-10262 | MEDIUM | 6.3 | Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user … | Jun 16, 2026 |
| CVE-2026-6964 | MEDIUM | 5.3 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to … | Jun 16, 2026 |
| CVE-2026-7273 | HIGH | 8.8 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the … | Jun 16, 2026 |
| CVE-2026-42014 | MEDIUM | 6.6 | A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when … | Jun 16, 2026 |
| CVE-2026-1767 | MEDIUM | 5.6 | A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow … | Jun 16, 2026 |
| CVE-2026-1766 | MEDIUM | 5.6 | A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when … | Jun 16, 2026 |
| CVE-2026-1765 | MEDIUM | 5.6 | A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially … | Jun 16, 2026 |
| CVE-2026-1764 | MEDIUM | 5.6 | A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds … | Jun 16, 2026 |
| CVE-2026-12162 | MEDIUM | 5.5 | Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via … | Jun 16, 2026 |
| CVE-2026-12161 | HIGH | 8.8 | Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify … | Jun 16, 2026 |
| CVE-2026-9262 | MEDIUM | 6.5 | Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Jun 16, 2026 |
| CVE-2026-9261 | MEDIUM | 6.8 | Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Jun 16, 2026 |
| CVE-2026-9260 | MEDIUM | 6.2 | Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Jun 16, 2026 |
| CVE-2026-9259 | MEDIUM | 6.5 | Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Jun 16, 2026 |
| CVE-2026-9258 | MEDIUM | 6.5 | Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | Jun 16, 2026 |
| CVE-2026-53430 | UNKNOWN | — | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. … | Jun 15, 2026 |
| CVE-2026-48854 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming … | Jun 15, 2026 |
| CVE-2026-48853 | UNKNOWN | — | Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via … | Jun 15, 2026 |
| CVE-2026-48723 | HIGH | 7.8 | The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via … | Jun 15, 2026 |
| CVE-2026-48599 | UNKNOWN | — | Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting … | Jun 15, 2026 |