Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48708 | HIGH | 7.5 | OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance … | Jun 15, 2026 |
| CVE-2026-48518 | MEDIUM | 4.3 | MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, … | Jun 15, 2026 |
| CVE-2026-48124 | UNKNOWN | — | Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from … | Jun 15, 2026 |
| CVE-2026-47825 | HIGH | 8.6 | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway … | Jun 15, 2026 |
| CVE-2026-47261 | HIGH | 7.5 | Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, … | Jun 15, 2026 |
| CVE-2026-45441 | HIGH | 7.5 | Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | Jun 15, 2026 |
| CVE-2026-45439 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions. | Jun 15, 2026 |
| CVE-2026-45437 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. | Jun 15, 2026 |
| CVE-2026-42775 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions. | Jun 15, 2026 |
| CVE-2026-42752 | MEDIUM | 6.5 | Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions. | Jun 15, 2026 |
| CVE-2026-42743 | MEDIUM | 6.5 | Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions. | Jun 15, 2026 |
| CVE-2026-42688 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. | Jun 15, 2026 |
| CVE-2026-42687 | HIGH | 8.1 | Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | Jun 15, 2026 |
| CVE-2026-42686 | HIGH | 7.1 | Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. | Jun 15, 2026 |
| CVE-2026-42668 | HIGH | 7.5 | Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. | Jun 15, 2026 |
| CVE-2026-42667 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. | Jun 15, 2026 |
| CVE-2026-42666 | HIGH | 7.5 | Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | Jun 15, 2026 |
| CVE-2026-42665 | CRITICAL | 9.3 | Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions. | Jun 15, 2026 |
| CVE-2026-42664 | HIGH | 8.2 | Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | Jun 15, 2026 |
| CVE-2026-42663 | MEDIUM | 6.5 | Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions. | Jun 15, 2026 |
| CVE-2026-42662 | MEDIUM | 6.5 | Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions. | Jun 15, 2026 |
| CVE-2026-42661 | HIGH | 8.8 | Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. | Jun 15, 2026 |
| CVE-2026-42660 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions. | Jun 15, 2026 |
| CVE-2026-42659 | MEDIUM | 6.5 | Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. | Jun 15, 2026 |
| CVE-2026-42658 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. | Jun 15, 2026 |