Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21951
Total
1564
Critical
6675
High
7022
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34029 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse … | Jun 15, 2026 |
| CVE-2026-34028 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP … | Jun 15, 2026 |
| CVE-2026-34027 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled … | Jun 15, 2026 |
| CVE-2026-34026 | UNKNOWN | — | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using … | Jun 15, 2026 |
| CVE-2026-34025 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP … | Jun 15, 2026 |
| CVE-2026-34024 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that … | Jun 15, 2026 |
| CVE-2026-34023 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid … | Jun 15, 2026 |
| CVE-2026-34022 | UNKNOWN | — | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in … | Jun 15, 2026 |
| CVE-2026-34021 | UNKNOWN | — | The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access … | Jun 15, 2026 |
| CVE-2026-12057 | HIGH | 8.6 | When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts … | Jun 15, 2026 |
| CVE-2026-50100 | HIGH | 7.8 | Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker … | Jun 15, 2026 |
| CVE-2026-44188 | MEDIUM | 5.3 | A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible … | Jun 15, 2026 |
| CVE-2026-11860 | UNKNOWN | — | Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject … | Jun 15, 2026 |
| CVE-2026-9278 | MEDIUM | 5.4 | The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of … | Jun 15, 2026 |
| CVE-2026-8935 | CRITICAL | 9.8 | The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend … | Jun 15, 2026 |
| CVE-2026-8386 | MEDIUM | 5.3 | The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve … | Jun 15, 2026 |
| CVE-2026-8385 | MEDIUM | 5.3 | The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing … | Jun 15, 2026 |
| CVE-2026-12223 | MEDIUM | 5.5 | A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI … | Jun 15, 2026 |
| CVE-2026-12222 | HIGH | 8.0 | A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a … | Jun 15, 2026 |
| CVE-2026-12221 | HIGH | 8.0 | A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing … | Jun 15, 2026 |
| CVE-2026-12220 | HIGH | 8.0 | A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. … | Jun 15, 2026 |
| CVE-2026-12219 | MEDIUM | 6.3 | A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI … | Jun 15, 2026 |
| CVE-2026-12218 | HIGH | 8.0 | A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. … | Jun 15, 2026 |
| CVE-2026-12217 | HIGH | 7.8 | A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel … | Jun 15, 2026 |
| CVE-2026-12216 | MEDIUM | 5.3 | A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of … | Jun 15, 2026 |