Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21987
Total
1565
Critical
6684
High
7043
Medium
CVE ID Severity Score Description Published
CVE-2026-49482 MEDIUM 4.3 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters … Jun 12, 2026
CVE-2026-10676 UNKNOWN Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any … Jun 12, 2026
CVE-2026-47238 MEDIUM 6.5 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles … Jun 11, 2026
CVE-2026-45418 HIGH 8.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple … Jun 11, 2026
CVE-2026-45060 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any … Jun 11, 2026
CVE-2026-42846 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add … Jun 11, 2026
CVE-2026-6250 UNKNOWN An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is … Jun 11, 2026
CVE-2026-49060 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. Jun 11, 2026
CVE-2026-45174 UNKNOWN Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 Jun 11, 2026
CVE-2026-45173 UNKNOWN Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If … Jun 11, 2026
CVE-2026-45172 UNKNOWN Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user … Jun 11, 2026
CVE-2026-45171 UNKNOWN Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged … Jun 11, 2026
CVE-2026-44890 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … Jun 11, 2026
CVE-2026-44250 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … Jun 11, 2026
CVE-2026-44249 HIGH 8.1 Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass … Jun 11, 2026
CVE-2026-42653 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. Jun 11, 2026
CVE-2026-42647 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from … Jun 11, 2026
CVE-2026-39494 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This … Jun 11, 2026
CVE-2026-12035 HIGH 8.8 Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … Jun 11, 2026
CVE-2026-12034 HIGH 8.3 Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the … Jun 11, 2026
CVE-2026-12033 MEDIUM 5.3 Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially … Jun 11, 2026
CVE-2026-12032 LOW 3.1 Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site … Jun 11, 2026
CVE-2026-12031 HIGH 8.3 Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform … Jun 11, 2026
CVE-2026-12030 HIGH 8.3 Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to … Jun 11, 2026
CVE-2026-12029 HIGH 8.3 Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … Jun 11, 2026