Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-40984 HIGH 7.5 In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 … Jun 09, 2026
CVE-2026-40983 HIGH 7.5 In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 … Jun 09, 2026
CVE-2026-26236 UNKNOWN A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized … Jun 09, 2026
CVE-2026-11623 MEDIUM 4.5 A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use … Jun 09, 2026
CVE-2026-11603 MEDIUM 6.1 The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, … Jun 09, 2026
CVE-2026-10738 MEDIUM 6.4 The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, … Jun 09, 2026
CVE-2026-10553 MEDIUM 4.3 The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to … Jun 09, 2026
CVE-2026-10024 MEDIUM 6.4 The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 … Jun 09, 2026
CVE-2026-7556 HIGH 7.2 The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, … Jun 09, 2026
CVE-2026-5714 MEDIUM 6.4 The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 … Jun 09, 2026
CVE-2026-11621 MEDIUM 4.7 A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. … Jun 09, 2026
CVE-2026-11620 MEDIUM 5.3 A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation … Jun 09, 2026
CVE-2026-11619 MEDIUM 6.3 A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component … Jun 09, 2026
CVE-2026-11618 HIGH 7.3 A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source … Jun 09, 2026
CVE-2026-10862 MEDIUM 6.4 The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due … Jun 09, 2026
CVE-2026-8795 HIGH 7.8 A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is … Jun 09, 2026
CVE-2026-44757 MEDIUM 4.7 SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected … Jun 09, 2026
CVE-2026-44755 MEDIUM 4.3 SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has … Jun 09, 2026
CVE-2026-44754 MEDIUM 6.6 The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are … Jun 09, 2026
CVE-2026-44751 HIGH 7.1 Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite … Jun 09, 2026
CVE-2026-44750 MEDIUM 4.3 SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions … Jun 09, 2026
CVE-2026-44748 CRITICAL 9.9 SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed … Jun 09, 2026
CVE-2026-44746 MEDIUM 6.1 Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a … Jun 09, 2026
CVE-2026-44744 MEDIUM 6.5 SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database … Jun 09, 2026
CVE-2026-44743 LOW 3.7 Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the … Jun 09, 2026