Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22296
Total
1591
Critical
6822
High
7139
Medium
CVE ID Severity Score Description Published
CVE-2026-47166 MEDIUM 5.7 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … Jun 10, 2026
CVE-2026-47165 MEDIUM 4.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally … Jun 10, 2026
CVE-2026-46703 CRITICAL 9.6 Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior … Jun 10, 2026
CVE-2026-46695 CRITICAL 10.0 Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior … Jun 10, 2026
CVE-2026-46693 MEDIUM 4.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … Jun 10, 2026
CVE-2026-46692 MEDIUM 4.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … Jun 10, 2026
CVE-2026-46645 MEDIUM 4.3 SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that … Jun 10, 2026
CVE-2026-46559 MEDIUM 4.0 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 … Jun 10, 2026
CVE-2026-46557 MEDIUM 6.2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack … Jun 10, 2026
CVE-2026-46521 MEDIUM 5.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the … Jun 10, 2026
CVE-2026-44693 HIGH 8.8 Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability … Jun 10, 2026
CVE-2026-42568 MEDIUM 4.3 Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username … Jun 10, 2026
CVE-2026-42563 UNKNOWN Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the … Jun 10, 2026
CVE-2026-42558 HIGH 7.6 Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain … Jun 10, 2026
CVE-2026-42305 HIGH 8.8 Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write … Jun 10, 2026
CVE-2024-21944 MEDIUM 5.3 Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant … Jun 10, 2026
CVE-2026-53742 MEDIUM 5.4 Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft … Jun 10, 2026
CVE-2026-53741 MEDIUM 5.4 Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks … Jun 10, 2026
CVE-2026-53740 MEDIUM 5.4 Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy … Jun 10, 2026
CVE-2026-53739 MEDIUM 4.3 Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any … Jun 10, 2026
CVE-2026-53738 HIGH 8.1 Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can … Jun 10, 2026
CVE-2026-53737 MEDIUM 6.1 Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data … Jun 10, 2026
CVE-2026-53736 MEDIUM 4.3 Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated … Jun 10, 2026
CVE-2026-53634 MEDIUM 4.3 Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of … Jun 10, 2026
CVE-2026-50131 HIGH 8.6 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL … Jun 10, 2026