Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-5714 MEDIUM 6.4 The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 … Jun 09, 2026
CVE-2026-11621 MEDIUM 4.7 A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. … Jun 09, 2026
CVE-2026-11620 MEDIUM 5.3 A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation … Jun 09, 2026
CVE-2026-11619 MEDIUM 6.3 A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component … Jun 09, 2026
CVE-2026-11618 HIGH 7.3 A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source … Jun 09, 2026
CVE-2026-10862 MEDIUM 6.4 The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due … Jun 09, 2026
CVE-2026-8795 HIGH 7.8 A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is … Jun 09, 2026
CVE-2026-44757 MEDIUM 4.7 SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected … Jun 09, 2026
CVE-2026-44755 MEDIUM 4.3 SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has … Jun 09, 2026
CVE-2026-44754 MEDIUM 6.6 The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are … Jun 09, 2026
CVE-2026-44751 HIGH 7.1 Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite … Jun 09, 2026
CVE-2026-44750 MEDIUM 4.3 SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions … Jun 09, 2026
CVE-2026-44748 CRITICAL 9.9 SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed … Jun 09, 2026
CVE-2026-44746 MEDIUM 6.1 Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a … Jun 09, 2026
CVE-2026-44744 MEDIUM 6.5 SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database … Jun 09, 2026
CVE-2026-44743 LOW 3.7 Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the … Jun 09, 2026
CVE-2026-40128 CRITICAL 9.0 SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path … Jun 09, 2026
CVE-2026-27671 CRITICAL 9.8 Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker … Jun 09, 2026
CVE-2026-24315 MEDIUM 4.2 SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could … Jun 09, 2026
CVE-2026-11701 MEDIUM 5.4 Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium … Jun 09, 2026
CVE-2026-11700 HIGH 8.3 Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a … Jun 09, 2026
CVE-2026-11699 HIGH 8.8 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted … Jun 09, 2026
CVE-2026-11698 HIGH 8.8 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted … Jun 09, 2026
CVE-2026-11697 CRITICAL 9.6 Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a … Jun 09, 2026
CVE-2026-11696 MEDIUM 5.3 Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially … Jun 09, 2026