Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22296
Total
1591
Critical
6822
High
7139
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47166 | MEDIUM | 5.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … | Jun 10, 2026 |
| CVE-2026-47165 | MEDIUM | 4.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally … | Jun 10, 2026 |
| CVE-2026-46703 | CRITICAL | 9.6 | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior … | Jun 10, 2026 |
| CVE-2026-46695 | CRITICAL | 10.0 | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior … | Jun 10, 2026 |
| CVE-2026-46693 | MEDIUM | 4.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … | Jun 10, 2026 |
| CVE-2026-46692 | MEDIUM | 4.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to … | Jun 10, 2026 |
| CVE-2026-46645 | MEDIUM | 4.3 | SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that … | Jun 10, 2026 |
| CVE-2026-46559 | MEDIUM | 4.0 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 … | Jun 10, 2026 |
| CVE-2026-46557 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack … | Jun 10, 2026 |
| CVE-2026-46521 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the … | Jun 10, 2026 |
| CVE-2026-44693 | HIGH | 8.8 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability … | Jun 10, 2026 |
| CVE-2026-42568 | MEDIUM | 4.3 | Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username … | Jun 10, 2026 |
| CVE-2026-42563 | UNKNOWN | — | Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the … | Jun 10, 2026 |
| CVE-2026-42558 | HIGH | 7.6 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain … | Jun 10, 2026 |
| CVE-2026-42305 | HIGH | 8.8 | Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write … | Jun 10, 2026 |
| CVE-2024-21944 | MEDIUM | 5.3 | Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant … | Jun 10, 2026 |
| CVE-2026-53742 | MEDIUM | 5.4 | Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft … | Jun 10, 2026 |
| CVE-2026-53741 | MEDIUM | 5.4 | Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks … | Jun 10, 2026 |
| CVE-2026-53740 | MEDIUM | 5.4 | Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy … | Jun 10, 2026 |
| CVE-2026-53739 | MEDIUM | 4.3 | Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any … | Jun 10, 2026 |
| CVE-2026-53738 | HIGH | 8.1 | Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can … | Jun 10, 2026 |
| CVE-2026-53737 | MEDIUM | 6.1 | Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data … | Jun 10, 2026 |
| CVE-2026-53736 | MEDIUM | 4.3 | Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated … | Jun 10, 2026 |
| CVE-2026-53634 | MEDIUM | 4.3 | Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of … | Jun 10, 2026 |
| CVE-2026-50131 | HIGH | 8.6 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL … | Jun 10, 2026 |