Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22193
Total
1583
Critical
6780
High
7106
Medium
CVE ID Severity Score Description Published
CVE-2026-47366 HIGH 7.2 Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized … Jun 12, 2026
CVE-2026-47365 CRITICAL 9.9 Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary … Jun 12, 2026
CVE-2026-20746 UNKNOWN Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled … Jun 12, 2026
CVE-2026-9125 MEDIUM 6.4 The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and … Jun 12, 2026
CVE-2026-45170 UNKNOWN Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 Jun 12, 2026
CVE-2026-11933 HIGH 8.8 A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is … Jun 12, 2026
CVE-2026-49482 MEDIUM 4.3 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters … Jun 12, 2026
CVE-2026-10676 UNKNOWN Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any … Jun 12, 2026
CVE-2026-47238 MEDIUM 6.5 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles … Jun 11, 2026
CVE-2026-45418 HIGH 8.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple … Jun 11, 2026
CVE-2026-45060 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any … Jun 11, 2026
CVE-2026-42846 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add … Jun 11, 2026
CVE-2026-6250 UNKNOWN An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is … Jun 11, 2026
CVE-2026-49060 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. Jun 11, 2026
CVE-2026-45174 UNKNOWN Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 Jun 11, 2026
CVE-2026-45173 UNKNOWN Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If … Jun 11, 2026
CVE-2026-45172 UNKNOWN Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user … Jun 11, 2026
CVE-2026-45171 UNKNOWN Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged … Jun 11, 2026
CVE-2026-44890 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … Jun 11, 2026
CVE-2026-44250 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … Jun 11, 2026
CVE-2026-44249 HIGH 8.1 Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass … Jun 11, 2026
CVE-2026-42653 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. Jun 11, 2026
CVE-2026-42647 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from … Jun 11, 2026
CVE-2026-39494 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This … Jun 11, 2026
CVE-2026-12035 HIGH 8.8 Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … Jun 11, 2026