Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21925
Total
1562
Critical
6664
High
7012
Medium
CVE ID Severity Score Description Published
CVE-2026-6040 UNKNOWN A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against … Jun 15, 2026
CVE-2026-6039 UNKNOWN LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count … Jun 15, 2026
CVE-2026-49294 MEDIUM 6.1 Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting … Jun 15, 2026
CVE-2026-47777 HIGH 7.5 Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented … Jun 15, 2026
CVE-2026-20262 MEDIUM 6.5 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or … Jun 15, 2026
CVE-2026-9863 HIGH 7.5 Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised … Jun 15, 2026
CVE-2026-9862 CRITICAL 9.8 Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service … Jun 15, 2026
CVE-2026-9595 MEDIUM 5.3 Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket … Jun 15, 2026
CVE-2026-8683 MEDIUM 6.5 Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious … Jun 15, 2026
CVE-2026-5038 MEDIUM 5.3 Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned … Jun 15, 2026
CVE-2026-10634 MEDIUM 4.8 Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. … Jun 15, 2026
CVE-2025-15659 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. Jun 15, 2026
CVE-2025-15658 MEDIUM 5.9 Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions. Jun 15, 2026
CVE-2026-6517 MEDIUM 6.3 Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop … Jun 15, 2026
CVE-2026-5242 HIGH 8.8 Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from … Jun 15, 2026
CVE-2026-5233 HIGH 7.1 Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. Jun 15, 2026
CVE-2026-5230 HIGH 7.1 Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: … Jun 15, 2026
CVE-2026-5079 HIGH 7.5 Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The … Jun 15, 2026
CVE-2026-52704 CRITICAL 10.0 Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF … Jun 15, 2026
CVE-2026-49111 HIGH 8.8 Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. Jun 15, 2026
CVE-2026-49064 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. Jun 15, 2026
CVE-2026-49062 HIGH 8.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7. Jun 15, 2026
CVE-2026-48969 MEDIUM 6.5 Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. Jun 15, 2026
CVE-2025-64215 MEDIUM 6.5 Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before … Jun 15, 2026
CVE-2019-25746 HIGH 7.1 WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' … Jun 15, 2026