Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23329
Total
1657
Critical
7330
High
7410
Medium
CVE ID Severity Score Description Published
CVE-2026-26422 HIGH 8.4 clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. Jun 06, 2026
CVE-2026-36229 UNKNOWN Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not … Jun 06, 2026
CVE-2026-11441 MEDIUM 6.3 A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request … Jun 06, 2026
CVE-2026-11440 MEDIUM 6.3 A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This … Jun 06, 2026
CVE-2026-11439 MEDIUM 6.3 A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component … Jun 06, 2026
CVE-2026-11438 MEDIUM 6.3 A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation … Jun 06, 2026
CVE-2026-11437 HIGH 7.3 A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. … Jun 06, 2026
CVE-2026-11436 MEDIUM 4.3 A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing … Jun 06, 2026
CVE-2026-11435 HIGH 7.3 A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID … Jun 06, 2026
CVE-2026-11434 LOW 2.4 A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This … Jun 06, 2026
CVE-2026-11413 HIGH 8.8 A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The … Jun 06, 2026
CVE-2026-11412 MEDIUM 6.3 A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the … Jun 06, 2026
CVE-2026-11411 MEDIUM 4.4 A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing … Jun 06, 2026
CVE-2026-11408 MEDIUM 6.3 A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer … Jun 06, 2026
CVE-2026-11406 MEDIUM 6.3 A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import … Jun 06, 2026
CVE-2026-10725 UNKNOWN Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 … Jun 06, 2026
CVE-2026-9851 HIGH 7.2 The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to … Jun 06, 2026
CVE-2026-9829 MEDIUM 6.5 The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions … Jun 06, 2026
CVE-2026-9594 MEDIUM 4.4 The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all versions … Jun 06, 2026
CVE-2026-9016 MEDIUM 5.3 The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up … Jun 06, 2026
CVE-2026-8839 MEDIUM 5.3 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This … Jun 06, 2026
CVE-2026-8611 MEDIUM 4.3 The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the … Jun 06, 2026
CVE-2026-7624 MEDIUM 4.3 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due … Jun 06, 2026
CVE-2026-9280 MEDIUM 6.1 The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in … Jun 06, 2026
CVE-2026-9197 MEDIUM 4.9 The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This … Jun 06, 2026