Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22296
Total
1591
Critical
6822
High
7139
Medium
CVE ID Severity Score Description Published
CVE-2026-40992 MEDIUM 5.0 Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring … Jun 11, 2026
CVE-2026-40987 HIGH 7.1 A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring … Jun 11, 2026
CVE-2026-40986 MEDIUM 4.8 Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in … Jun 11, 2026
CVE-2026-10795 HIGH 8.1 The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the … Jun 11, 2026
CVE-2026-40985 MEDIUM 6.4 Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 … Jun 11, 2026
CVE-2026-35273 CRITICAL 9.8 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable … Jun 11, 2026
CVE-2026-2827 MEDIUM 4.7 The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 … Jun 11, 2026
CVE-2026-53465 MEDIUM 6.2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap … Jun 10, 2026
CVE-2026-53464 MEDIUM 4.0 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option … Jun 10, 2026
CVE-2026-53463 MEDIUM 4.3 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the … Jun 10, 2026
CVE-2026-53462 MEDIUM 5.9 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent … Jun 10, 2026
CVE-2026-53461 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON … Jun 10, 2026
CVE-2026-53460 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory … Jun 10, 2026
CVE-2026-52726 HIGH 7.5 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension … Jun 10, 2026
CVE-2026-50223 HIGH 8.8 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection … Jun 10, 2026
CVE-2026-49219 MEDIUM 5.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename … Jun 10, 2026
CVE-2026-49218 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM … Jun 10, 2026
CVE-2026-48994 MEDIUM 5.9 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return … Jun 10, 2026
CVE-2026-48734 MEDIUM 5.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result … Jun 10, 2026
CVE-2026-48733 MEDIUM 4.7 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search … Jun 10, 2026
CVE-2026-48724 MEDIUM 5.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg … Jun 10, 2026
CVE-2026-47734 MEDIUM 5.7 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push … Jun 10, 2026
CVE-2026-47712 LOW 3.3 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch … Jun 10, 2026
CVE-2026-47342 UNKNOWN A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are … Jun 10, 2026
CVE-2026-47213 MEDIUM 6.5 Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In … Jun 10, 2026