Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-49738 UNKNOWN The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be … Jun 09, 2026
CVE-2026-47352 UNKNOWN Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted … Jun 09, 2026
CVE-2026-47351 UNKNOWN Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information … Jun 09, 2026
CVE-2026-47350 UNKNOWN Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions … Jun 09, 2026
CVE-2026-47349 UNKNOWN Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. … Jun 09, 2026
CVE-2026-47348 UNKNOWN Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index … Jun 09, 2026
CVE-2026-47347 UNKNOWN Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the … Jun 09, 2026
CVE-2026-47346 UNKNOWN Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. … Jun 09, 2026
CVE-2026-47343 UNKNOWN Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file … Jun 09, 2026
CVE-2026-11607 UNKNOWN Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying … Jun 09, 2026
CVE-2026-52902 MEDIUM 4.7 A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker … Jun 09, 2026
CVE-2026-4058 MEDIUM 4.3 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due … Jun 09, 2026
CVE-2026-46749 HIGH 7.5 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a … Jun 09, 2026
CVE-2026-46748 HIGH 8.8 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with … Jun 09, 2026
CVE-2026-46747 MEDIUM 4.3 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in … Jun 09, 2026
CVE-2026-46746 HIGH 8.8 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the … Jun 09, 2026
CVE-2026-41031 HIGH 8.7 A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to … Jun 09, 2026
CVE-2026-24349 HIGH 7.1 A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified … Jun 09, 2026
CVE-2026-10731 UNKNOWN SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior … Jun 09, 2026
CVE-2025-40808 MEDIUM 6.1 A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC … Jun 09, 2026
CVE-2025-10263 CRITICAL 9.1 Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, … Jun 09, 2026
CVE-2026-8677 MEDIUM 6.4 The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings … Jun 09, 2026
CVE-2026-8599 MEDIUM 6.4 The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field … Jun 09, 2026
CVE-2026-8365 HIGH 8.8 The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 … Jun 09, 2026
CVE-2026-7542 MEDIUM 6.5 The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding … Jun 09, 2026