Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-6240 UNKNOWN A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion … Jun 06, 2026
CVE-2026-6239 UNKNOWN A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of … Jun 06, 2026
CVE-2026-34123 UNKNOWN On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic … Jun 06, 2026
CVE-2026-10038 MEDIUM 4.3 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / … Jun 06, 2026
CVE-2025-12656 LOW 3.8 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in … Jun 06, 2026
CVE-2026-7654 HIGH 8.8 The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This … Jun 05, 2026
CVE-2026-7523 MEDIUM 4.3 The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin … Jun 05, 2026
CVE-2026-45409 UNKNOWN Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior … Jun 05, 2026
CVE-2026-11431 UNKNOWN A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a … Jun 05, 2026
CVE-2026-11429 UNKNOWN A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone … Jun 05, 2026
CVE-2026-11424 UNKNOWN A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit … Jun 05, 2026
CVE-2026-11416 HIGH 8.1 MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating … Jun 05, 2026
CVE-2026-36785 UNKNOWN Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability … Jun 05, 2026
CVE-2026-11423 UNKNOWN A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file … Jun 05, 2026
CVE-2026-11422 HIGH 7.1 Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript … Jun 05, 2026
CVE-2026-46493 HIGH 7.5 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 … Jun 05, 2026
CVE-2026-46401 UNKNOWN HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens … Jun 05, 2026
CVE-2026-46400 UNKNOWN HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in … Jun 05, 2026
CVE-2026-46398 UNKNOWN HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set … Jun 05, 2026
CVE-2026-46397 MEDIUM 6.5 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS … Jun 05, 2026
CVE-2026-46357 MEDIUM 6.5 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker … Jun 05, 2026
CVE-2026-45779 UNKNOWN OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows … Jun 05, 2026
CVE-2026-45778 UNKNOWN OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open … Jun 05, 2026
CVE-2026-45777 UNKNOWN OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute … Jun 05, 2026
CVE-2026-45776 UNKNOWN OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an … Jun 05, 2026