Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49482 | MEDIUM | 4.3 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters … | Jun 12, 2026 |
| CVE-2026-10676 | UNKNOWN | — | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any … | Jun 12, 2026 |
| CVE-2026-47238 | MEDIUM | 6.5 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles … | Jun 11, 2026 |
| CVE-2026-45418 | HIGH | 8.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple … | Jun 11, 2026 |
| CVE-2026-45060 | CRITICAL | 9.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any … | Jun 11, 2026 |
| CVE-2026-42846 | CRITICAL | 9.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add … | Jun 11, 2026 |
| CVE-2026-6250 | UNKNOWN | — | An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is … | Jun 11, 2026 |
| CVE-2026-49060 | CRITICAL | 9.8 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | Jun 11, 2026 |
| CVE-2026-45174 | UNKNOWN | — | Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | Jun 11, 2026 |
| CVE-2026-45173 | UNKNOWN | — | Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If … | Jun 11, 2026 |
| CVE-2026-45172 | UNKNOWN | — | Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user … | Jun 11, 2026 |
| CVE-2026-45171 | UNKNOWN | — | Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged … | Jun 11, 2026 |
| CVE-2026-44890 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … | Jun 11, 2026 |
| CVE-2026-44250 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … | Jun 11, 2026 |
| CVE-2026-44249 | HIGH | 8.1 | Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass … | Jun 11, 2026 |
| CVE-2026-42653 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | Jun 11, 2026 |
| CVE-2026-42647 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from … | Jun 11, 2026 |
| CVE-2026-39494 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This … | Jun 11, 2026 |
| CVE-2026-12035 | HIGH | 8.8 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 11, 2026 |
| CVE-2026-12034 | HIGH | 8.3 | Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the … | Jun 11, 2026 |
| CVE-2026-12033 | MEDIUM | 5.3 | Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially … | Jun 11, 2026 |
| CVE-2026-12032 | LOW | 3.1 | Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site … | Jun 11, 2026 |
| CVE-2026-12031 | HIGH | 8.3 | Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform … | Jun 11, 2026 |
| CVE-2026-12030 | HIGH | 8.3 | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to … | Jun 11, 2026 |
| CVE-2026-12029 | HIGH | 8.3 | Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … | Jun 11, 2026 |