Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21925
Total
1562
Critical
6664
High
7012
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6040 | UNKNOWN | — | A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against … | Jun 15, 2026 |
| CVE-2026-6039 | UNKNOWN | — | LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count … | Jun 15, 2026 |
| CVE-2026-49294 | MEDIUM | 6.1 | Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting … | Jun 15, 2026 |
| CVE-2026-47777 | HIGH | 7.5 | Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented … | Jun 15, 2026 |
| CVE-2026-20262 | MEDIUM | 6.5 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or … | Jun 15, 2026 |
| CVE-2026-9863 | HIGH | 7.5 | Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised … | Jun 15, 2026 |
| CVE-2026-9862 | CRITICAL | 9.8 | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service … | Jun 15, 2026 |
| CVE-2026-9595 | MEDIUM | 5.3 | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket … | Jun 15, 2026 |
| CVE-2026-8683 | MEDIUM | 6.5 | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious … | Jun 15, 2026 |
| CVE-2026-5038 | MEDIUM | 5.3 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned … | Jun 15, 2026 |
| CVE-2026-10634 | MEDIUM | 4.8 | Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. … | Jun 15, 2026 |
| CVE-2025-15659 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. | Jun 15, 2026 |
| CVE-2025-15658 | MEDIUM | 5.9 | Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions. | Jun 15, 2026 |
| CVE-2026-6517 | MEDIUM | 6.3 | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop … | Jun 15, 2026 |
| CVE-2026-5242 | HIGH | 8.8 | Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from … | Jun 15, 2026 |
| CVE-2026-5233 | HIGH | 7.1 | Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. | Jun 15, 2026 |
| CVE-2026-5230 | HIGH | 7.1 | Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: … | Jun 15, 2026 |
| CVE-2026-5079 | HIGH | 7.5 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The … | Jun 15, 2026 |
| CVE-2026-52704 | CRITICAL | 10.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF … | Jun 15, 2026 |
| CVE-2026-49111 | HIGH | 8.8 | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | Jun 15, 2026 |
| CVE-2026-49064 | HIGH | 7.5 | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. | Jun 15, 2026 |
| CVE-2026-49062 | HIGH | 8.8 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7. | Jun 15, 2026 |
| CVE-2026-48969 | MEDIUM | 6.5 | Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. | Jun 15, 2026 |
| CVE-2025-64215 | MEDIUM | 6.5 | Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before … | Jun 15, 2026 |
| CVE-2019-25746 | HIGH | 7.1 | WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' … | Jun 15, 2026 |