Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5714 | MEDIUM | 6.4 | The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 … | Jun 09, 2026 |
| CVE-2026-11621 | MEDIUM | 4.7 | A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. … | Jun 09, 2026 |
| CVE-2026-11620 | MEDIUM | 5.3 | A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation … | Jun 09, 2026 |
| CVE-2026-11619 | MEDIUM | 6.3 | A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component … | Jun 09, 2026 |
| CVE-2026-11618 | HIGH | 7.3 | A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source … | Jun 09, 2026 |
| CVE-2026-10862 | MEDIUM | 6.4 | The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due … | Jun 09, 2026 |
| CVE-2026-8795 | HIGH | 7.8 | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is … | Jun 09, 2026 |
| CVE-2026-44757 | MEDIUM | 4.7 | SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected … | Jun 09, 2026 |
| CVE-2026-44755 | MEDIUM | 4.3 | SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has … | Jun 09, 2026 |
| CVE-2026-44754 | MEDIUM | 6.6 | The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are … | Jun 09, 2026 |
| CVE-2026-44751 | HIGH | 7.1 | Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite … | Jun 09, 2026 |
| CVE-2026-44750 | MEDIUM | 4.3 | SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions … | Jun 09, 2026 |
| CVE-2026-44748 | CRITICAL | 9.9 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed … | Jun 09, 2026 |
| CVE-2026-44746 | MEDIUM | 6.1 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a … | Jun 09, 2026 |
| CVE-2026-44744 | MEDIUM | 6.5 | SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database … | Jun 09, 2026 |
| CVE-2026-44743 | LOW | 3.7 | Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the … | Jun 09, 2026 |
| CVE-2026-40128 | CRITICAL | 9.0 | SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path … | Jun 09, 2026 |
| CVE-2026-27671 | CRITICAL | 9.8 | Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker … | Jun 09, 2026 |
| CVE-2026-24315 | MEDIUM | 4.2 | SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could … | Jun 09, 2026 |
| CVE-2026-11701 | MEDIUM | 5.4 | Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium … | Jun 09, 2026 |
| CVE-2026-11700 | HIGH | 8.3 | Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Jun 09, 2026 |
| CVE-2026-11699 | HIGH | 8.8 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 09, 2026 |
| CVE-2026-11698 | HIGH | 8.8 | Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 09, 2026 |
| CVE-2026-11697 | CRITICAL | 9.6 | Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a … | Jun 09, 2026 |
| CVE-2026-11696 | MEDIUM | 5.3 | Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially … | Jun 09, 2026 |