Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40992 | MEDIUM | 5.0 | Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring … | Jun 11, 2026 |
| CVE-2026-40987 | HIGH | 7.1 | A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring … | Jun 11, 2026 |
| CVE-2026-40986 | MEDIUM | 4.8 | Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in … | Jun 11, 2026 |
| CVE-2026-10795 | HIGH | 8.1 | The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the … | Jun 11, 2026 |
| CVE-2026-40985 | MEDIUM | 6.4 | Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 … | Jun 11, 2026 |
| CVE-2026-35273 | CRITICAL | 9.8 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable … | Jun 11, 2026 |
| CVE-2026-2827 | MEDIUM | 4.7 | The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 … | Jun 11, 2026 |
| CVE-2026-53465 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap … | Jun 10, 2026 |
| CVE-2026-53464 | MEDIUM | 4.0 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option … | Jun 10, 2026 |
| CVE-2026-53463 | MEDIUM | 4.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the … | Jun 10, 2026 |
| CVE-2026-53462 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent … | Jun 10, 2026 |
| CVE-2026-53461 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON … | Jun 10, 2026 |
| CVE-2026-53460 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory … | Jun 10, 2026 |
| CVE-2026-52726 | HIGH | 7.5 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension … | Jun 10, 2026 |
| CVE-2026-50223 | HIGH | 8.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection … | Jun 10, 2026 |
| CVE-2026-49219 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename … | Jun 10, 2026 |
| CVE-2026-49218 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM … | Jun 10, 2026 |
| CVE-2026-48994 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return … | Jun 10, 2026 |
| CVE-2026-48734 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result … | Jun 10, 2026 |
| CVE-2026-48733 | MEDIUM | 4.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search … | Jun 10, 2026 |
| CVE-2026-48724 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg … | Jun 10, 2026 |
| CVE-2026-47734 | MEDIUM | 5.7 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push … | Jun 10, 2026 |
| CVE-2026-47712 | LOW | 3.3 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch … | Jun 10, 2026 |
| CVE-2026-47342 | UNKNOWN | — | A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are … | Jun 10, 2026 |
| CVE-2026-47213 | MEDIUM | 6.5 | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In … | Jun 10, 2026 |