Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40984 | HIGH | 7.5 | In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 … | Jun 09, 2026 |
| CVE-2026-40983 | HIGH | 7.5 | In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 … | Jun 09, 2026 |
| CVE-2026-26236 | UNKNOWN | — | A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized … | Jun 09, 2026 |
| CVE-2026-11623 | MEDIUM | 4.5 | A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use … | Jun 09, 2026 |
| CVE-2026-11603 | MEDIUM | 6.1 | The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-10738 | MEDIUM | 6.4 | The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-10553 | MEDIUM | 4.3 | The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to … | Jun 09, 2026 |
| CVE-2026-10024 | MEDIUM | 6.4 | The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 … | Jun 09, 2026 |
| CVE-2026-7556 | HIGH | 7.2 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-5714 | MEDIUM | 6.4 | The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 … | Jun 09, 2026 |
| CVE-2026-11621 | MEDIUM | 4.7 | A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. … | Jun 09, 2026 |
| CVE-2026-11620 | MEDIUM | 5.3 | A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation … | Jun 09, 2026 |
| CVE-2026-11619 | MEDIUM | 6.3 | A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component … | Jun 09, 2026 |
| CVE-2026-11618 | HIGH | 7.3 | A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source … | Jun 09, 2026 |
| CVE-2026-10862 | MEDIUM | 6.4 | The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due … | Jun 09, 2026 |
| CVE-2026-8795 | HIGH | 7.8 | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is … | Jun 09, 2026 |
| CVE-2026-44757 | MEDIUM | 4.7 | SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected … | Jun 09, 2026 |
| CVE-2026-44755 | MEDIUM | 4.3 | SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has … | Jun 09, 2026 |
| CVE-2026-44754 | MEDIUM | 6.6 | The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are … | Jun 09, 2026 |
| CVE-2026-44751 | HIGH | 7.1 | Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite … | Jun 09, 2026 |
| CVE-2026-44750 | MEDIUM | 4.3 | SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions … | Jun 09, 2026 |
| CVE-2026-44748 | CRITICAL | 9.9 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed … | Jun 09, 2026 |
| CVE-2026-44746 | MEDIUM | 6.1 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a … | Jun 09, 2026 |
| CVE-2026-44744 | MEDIUM | 6.5 | SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database … | Jun 09, 2026 |
| CVE-2026-44743 | LOW | 3.7 | Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the … | Jun 09, 2026 |