Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11846 | HIGH | 8.1 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to … | Jun 12, 2026 |
| CVE-2026-11845 | HIGH | 7.2 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands … | Jun 12, 2026 |
| CVE-2026-11844 | MEDIUM | 4.9 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the … | Jun 12, 2026 |
| CVE-2026-12058 | UNKNOWN | — | The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | Jun 12, 2026 |
| CVE-2026-11535 | UNKNOWN | — | An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device. | Jun 12, 2026 |
| CVE-2026-9271 | MEDIUM | 5.9 | Vulnerability Title | Jun 12, 2026 |
| CVE-2026-9269 | LOW | 3.5 | The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high … | Jun 12, 2026 |
| CVE-2026-12060 | MEDIUM | 6.5 | Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a … | Jun 12, 2026 |
| CVE-2026-12059 | HIGH | 8.8 | The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and … | Jun 12, 2026 |
| CVE-2026-45169 | UNKNOWN | — | Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, … | Jun 12, 2026 |
| CVE-2026-44892 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the … | Jun 12, 2026 |
| CVE-2026-48613 | MEDIUM | 5.9 | SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. … | Jun 12, 2026 |
| CVE-2026-48612 | HIGH | 8.0 | Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to … | Jun 12, 2026 |
| CVE-2026-48611 | CRITICAL | 9.8 | Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations. | Jun 12, 2026 |
| CVE-2026-48610 | HIGH | 8.1 | Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS … | Jun 12, 2026 |
| CVE-2026-47370 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS … | Jun 12, 2026 |
| CVE-2026-47369 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS … | Jun 12, 2026 |
| CVE-2026-47368 | HIGH | 8.6 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from … | Jun 12, 2026 |
| CVE-2026-47367 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute … | Jun 12, 2026 |
| CVE-2026-47366 | HIGH | 7.2 | Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized … | Jun 12, 2026 |
| CVE-2026-47365 | CRITICAL | 9.9 | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary … | Jun 12, 2026 |
| CVE-2026-20746 | UNKNOWN | — | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled … | Jun 12, 2026 |
| CVE-2026-9125 | MEDIUM | 6.4 | The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and … | Jun 12, 2026 |
| CVE-2026-45170 | UNKNOWN | — | Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | Jun 12, 2026 |
| CVE-2026-11933 | HIGH | 8.8 | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is … | Jun 12, 2026 |