Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-26422 | HIGH | 8.4 | clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. | Jun 06, 2026 |
| CVE-2026-36229 | UNKNOWN | — | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not … | Jun 06, 2026 |
| CVE-2026-11441 | MEDIUM | 6.3 | A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request … | Jun 06, 2026 |
| CVE-2026-11440 | MEDIUM | 6.3 | A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This … | Jun 06, 2026 |
| CVE-2026-11439 | MEDIUM | 6.3 | A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component … | Jun 06, 2026 |
| CVE-2026-11438 | MEDIUM | 6.3 | A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation … | Jun 06, 2026 |
| CVE-2026-11437 | HIGH | 7.3 | A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. … | Jun 06, 2026 |
| CVE-2026-11436 | MEDIUM | 4.3 | A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing … | Jun 06, 2026 |
| CVE-2026-11435 | HIGH | 7.3 | A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID … | Jun 06, 2026 |
| CVE-2026-11434 | LOW | 2.4 | A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This … | Jun 06, 2026 |
| CVE-2026-11413 | HIGH | 8.8 | A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The … | Jun 06, 2026 |
| CVE-2026-11412 | MEDIUM | 6.3 | A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the … | Jun 06, 2026 |
| CVE-2026-11411 | MEDIUM | 4.4 | A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing … | Jun 06, 2026 |
| CVE-2026-11408 | MEDIUM | 6.3 | A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer … | Jun 06, 2026 |
| CVE-2026-11406 | MEDIUM | 6.3 | A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import … | Jun 06, 2026 |
| CVE-2026-10725 | UNKNOWN | — | Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 … | Jun 06, 2026 |
| CVE-2026-9851 | HIGH | 7.2 | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to … | Jun 06, 2026 |
| CVE-2026-9829 | MEDIUM | 6.5 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions … | Jun 06, 2026 |
| CVE-2026-9594 | MEDIUM | 4.4 | The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all versions … | Jun 06, 2026 |
| CVE-2026-9016 | MEDIUM | 5.3 | The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up … | Jun 06, 2026 |
| CVE-2026-8839 | MEDIUM | 5.3 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This … | Jun 06, 2026 |
| CVE-2026-8611 | MEDIUM | 4.3 | The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the … | Jun 06, 2026 |
| CVE-2026-7624 | MEDIUM | 4.3 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due … | Jun 06, 2026 |
| CVE-2026-9280 | MEDIUM | 6.1 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in … | Jun 06, 2026 |
| CVE-2026-9197 | MEDIUM | 4.9 | The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This … | Jun 06, 2026 |