Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21910
Total
1562
Critical
6654
High
7007
Medium
CVE ID Severity Score Description Published
CVE-2026-50876 UNKNOWN A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Jun 15, 2026
CVE-2026-50875 UNKNOWN Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted … Jun 15, 2026
CVE-2026-50874 UNKNOWN An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input. Jun 15, 2026
CVE-2026-50873 CRITICAL 9.8 An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or … Jun 15, 2026
CVE-2026-50872 CRITICAL 9.8 An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a … Jun 15, 2026
CVE-2026-50871 CRITICAL 9.8 An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying … Jun 15, 2026
CVE-2026-50870 HIGH 7.5 An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request. Jun 15, 2026
CVE-2026-50869 CRITICAL 9.8 An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. Jun 15, 2026
CVE-2026-49954 HIGH 7.2 Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted … Jun 15, 2026
CVE-2026-49953 MEDIUM 6.5 Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and … Jun 15, 2026
CVE-2026-49952 CRITICAL 9.1 Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore … Jun 15, 2026
CVE-2026-48114 CRITICAL 9.8 Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the … Jun 15, 2026
CVE-2026-47835 HIGH 8.6 In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: … Jun 15, 2026
CVE-2026-45390 CRITICAL 9.1 In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, … Jun 15, 2026
CVE-2026-45389 CRITICAL 9.1 In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with … Jun 15, 2026
CVE-2026-45388 CRITICAL 9.1 In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not … Jun 15, 2026
CVE-2026-41708 HIGH 7.5 In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is … Jun 15, 2026
CVE-2026-39197 UNKNOWN An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or … Jun 15, 2026
CVE-2026-39196 CRITICAL 9.8 Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to … Jun 15, 2026
CVE-2026-39118 UNKNOWN An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent … Jun 15, 2026
CVE-2026-39007 HIGH 7.5 An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component. Jun 15, 2026
CVE-2026-39006 CRITICAL 9.8 An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. Jun 15, 2026
CVE-2026-38812 CRITICAL 9.8 RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with … Jun 15, 2026
CVE-2026-38329 CRITICAL 9.8 Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks … Jun 15, 2026
CVE-2026-38065 UNKNOWN Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. Jun 15, 2026