Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22796
Total
1628
Critical
7094
High
7273
Medium
CVE ID Severity Score Description Published
CVE-2026-52752 HIGH 7.8 Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious … Jun 10, 2026
CVE-2026-52751 HIGH 8.8 Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious … Jun 10, 2026
CVE-2026-52750 HIGH 7.8 Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary … Jun 10, 2026
CVE-2026-49498 HIGH 8.8 Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into … Jun 10, 2026
CVE-2026-49497 LOW 3.3 Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers … Jun 10, 2026
CVE-2026-49496 MEDIUM 6.1 Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by … Jun 10, 2026
CVE-2026-49495 MEDIUM 5.5 Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O … Jun 10, 2026
CVE-2026-49069 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through … Jun 10, 2026
CVE-2025-71330 HIGH 7.5 image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted … Jun 10, 2026
CVE-2025-71329 HIGH 7.5 image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted … Jun 10, 2026
CVE-2024-58350 LOW 2.9 Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. … Jun 10, 2026
CVE-2026-24067 HIGH 8.4 Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by … Jun 10, 2026
CVE-2026-24066 HIGH 8.4 Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by … Jun 10, 2026
CVE-2026-11859 UNKNOWN An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that … Jun 10, 2026
CVE-2026-3018 HIGH 7.5 The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to … Jun 10, 2026
CVE-2026-11853 MEDIUM 6.5 Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that … Jun 10, 2026
CVE-2026-11852 MEDIUM 6.5 Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create … Jun 10, 2026
CVE-2025-6254 CRITICAL 9.8 The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() … Jun 10, 2026
CVE-2026-9019 MEDIUM 6.4 The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, and including, … Jun 10, 2026
CVE-2026-8853 MEDIUM 4.4 The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 … Jun 10, 2026
CVE-2026-8613 MEDIUM 6.4 The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, … Jun 10, 2026
CVE-2026-10721 UNKNOWN Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may … Jun 10, 2026
CVE-2026-9067 CRITICAL 9.1 The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and … Jun 10, 2026
CVE-2026-9060 LOW 3.5 The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store … Jun 10, 2026
CVE-2026-8071 HIGH 8.8 The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing … Jun 10, 2026