Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21951
Total
1564
Critical
6675
High
7022
Medium
CVE ID Severity Score Description Published
CVE-2026-34029 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse … Jun 15, 2026
CVE-2026-34028 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP … Jun 15, 2026
CVE-2026-34027 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled … Jun 15, 2026
CVE-2026-34026 UNKNOWN Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using … Jun 15, 2026
CVE-2026-34025 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP … Jun 15, 2026
CVE-2026-34024 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that … Jun 15, 2026
CVE-2026-34023 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid … Jun 15, 2026
CVE-2026-34022 UNKNOWN The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in … Jun 15, 2026
CVE-2026-34021 UNKNOWN The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access … Jun 15, 2026
CVE-2026-12057 HIGH 8.6 When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts … Jun 15, 2026
CVE-2026-50100 HIGH 7.8 Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker … Jun 15, 2026
CVE-2026-44188 MEDIUM 5.3 A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible … Jun 15, 2026
CVE-2026-11860 UNKNOWN Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject … Jun 15, 2026
CVE-2026-9278 MEDIUM 5.4 The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of … Jun 15, 2026
CVE-2026-8935 CRITICAL 9.8 The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend … Jun 15, 2026
CVE-2026-8386 MEDIUM 5.3 The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve … Jun 15, 2026
CVE-2026-8385 MEDIUM 5.3 The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing … Jun 15, 2026
CVE-2026-12223 MEDIUM 5.5 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI … Jun 15, 2026
CVE-2026-12222 HIGH 8.0 A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a … Jun 15, 2026
CVE-2026-12221 HIGH 8.0 A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing … Jun 15, 2026
CVE-2026-12220 HIGH 8.0 A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. … Jun 15, 2026
CVE-2026-12219 MEDIUM 6.3 A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI … Jun 15, 2026
CVE-2026-12218 HIGH 8.0 A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. … Jun 15, 2026
CVE-2026-12217 HIGH 7.8 A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel … Jun 15, 2026
CVE-2026-12216 MEDIUM 5.3 A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of … Jun 15, 2026