Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22193
Total
1583
Critical
6780
High
7106
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47366 | HIGH | 7.2 | Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized … | Jun 12, 2026 |
| CVE-2026-47365 | CRITICAL | 9.9 | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary … | Jun 12, 2026 |
| CVE-2026-20746 | UNKNOWN | — | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled … | Jun 12, 2026 |
| CVE-2026-9125 | MEDIUM | 6.4 | The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and … | Jun 12, 2026 |
| CVE-2026-45170 | UNKNOWN | — | Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | Jun 12, 2026 |
| CVE-2026-11933 | HIGH | 8.8 | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is … | Jun 12, 2026 |
| CVE-2026-49482 | MEDIUM | 4.3 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters … | Jun 12, 2026 |
| CVE-2026-10676 | UNKNOWN | — | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any … | Jun 12, 2026 |
| CVE-2026-47238 | MEDIUM | 6.5 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles … | Jun 11, 2026 |
| CVE-2026-45418 | HIGH | 8.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple … | Jun 11, 2026 |
| CVE-2026-45060 | CRITICAL | 9.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any … | Jun 11, 2026 |
| CVE-2026-42846 | CRITICAL | 9.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add … | Jun 11, 2026 |
| CVE-2026-6250 | UNKNOWN | — | An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is … | Jun 11, 2026 |
| CVE-2026-49060 | CRITICAL | 9.8 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | Jun 11, 2026 |
| CVE-2026-45174 | UNKNOWN | — | Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | Jun 11, 2026 |
| CVE-2026-45173 | UNKNOWN | — | Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If … | Jun 11, 2026 |
| CVE-2026-45172 | UNKNOWN | — | Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user … | Jun 11, 2026 |
| CVE-2026-45171 | UNKNOWN | — | Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged … | Jun 11, 2026 |
| CVE-2026-44890 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … | Jun 11, 2026 |
| CVE-2026-44250 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause … | Jun 11, 2026 |
| CVE-2026-44249 | HIGH | 8.1 | Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass … | Jun 11, 2026 |
| CVE-2026-42653 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | Jun 11, 2026 |
| CVE-2026-42647 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from … | Jun 11, 2026 |
| CVE-2026-39494 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This … | Jun 11, 2026 |
| CVE-2026-12035 | HIGH | 8.8 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 11, 2026 |