Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21910
Total
1562
Critical
6654
High
7007
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-50876 | UNKNOWN | — | A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | Jun 15, 2026 |
| CVE-2026-50875 | UNKNOWN | — | Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted … | Jun 15, 2026 |
| CVE-2026-50874 | UNKNOWN | — | An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input. | Jun 15, 2026 |
| CVE-2026-50873 | CRITICAL | 9.8 | An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or … | Jun 15, 2026 |
| CVE-2026-50872 | CRITICAL | 9.8 | An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a … | Jun 15, 2026 |
| CVE-2026-50871 | CRITICAL | 9.8 | An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying … | Jun 15, 2026 |
| CVE-2026-50870 | HIGH | 7.5 | An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request. | Jun 15, 2026 |
| CVE-2026-50869 | CRITICAL | 9.8 | An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | Jun 15, 2026 |
| CVE-2026-49954 | HIGH | 7.2 | Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted … | Jun 15, 2026 |
| CVE-2026-49953 | MEDIUM | 6.5 | Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and … | Jun 15, 2026 |
| CVE-2026-49952 | CRITICAL | 9.1 | Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore … | Jun 15, 2026 |
| CVE-2026-48114 | CRITICAL | 9.8 | Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the … | Jun 15, 2026 |
| CVE-2026-47835 | HIGH | 8.6 | In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: … | Jun 15, 2026 |
| CVE-2026-45390 | CRITICAL | 9.1 | In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, … | Jun 15, 2026 |
| CVE-2026-45389 | CRITICAL | 9.1 | In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with … | Jun 15, 2026 |
| CVE-2026-45388 | CRITICAL | 9.1 | In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not … | Jun 15, 2026 |
| CVE-2026-41708 | HIGH | 7.5 | In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is … | Jun 15, 2026 |
| CVE-2026-39197 | UNKNOWN | — | An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or … | Jun 15, 2026 |
| CVE-2026-39196 | CRITICAL | 9.8 | Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to … | Jun 15, 2026 |
| CVE-2026-39118 | UNKNOWN | — | An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent … | Jun 15, 2026 |
| CVE-2026-39007 | HIGH | 7.5 | An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component. | Jun 15, 2026 |
| CVE-2026-39006 | CRITICAL | 9.8 | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | Jun 15, 2026 |
| CVE-2026-38812 | CRITICAL | 9.8 | RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with … | Jun 15, 2026 |
| CVE-2026-38329 | CRITICAL | 9.8 | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks … | Jun 15, 2026 |
| CVE-2026-38065 | UNKNOWN | — | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. | Jun 15, 2026 |