Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10580 | CRITICAL | 9.8 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and … | Jun 05, 2026 |
| CVE-2026-50733 | HIGH | 8.8 | Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path … | Jun 05, 2026 |
| CVE-2026-49493 | HIGH | 8.8 | Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. … | Jun 05, 2026 |
| CVE-2026-49492 | HIGH | 8.8 | Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the … | Jun 05, 2026 |
| CVE-2026-45750 | CRITICAL | 9.0 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the … | Jun 05, 2026 |
| CVE-2026-45749 | HIGH | 8.1 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior … | Jun 05, 2026 |
| CVE-2026-45748 | CRITICAL | 9.8 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 … | Jun 05, 2026 |
| CVE-2026-45746 | CRITICAL | 9.0 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix … | Jun 05, 2026 |
| CVE-2026-45745 | HIGH | 8.0 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate … | Jun 05, 2026 |
| CVE-2026-45744 | CRITICAL | 9.9 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix … | Jun 05, 2026 |
| CVE-2026-45743 | HIGH | 8.1 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do … | Jun 05, 2026 |
| CVE-2026-45327 | HIGH | 8.2 | TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version … | Jun 05, 2026 |
| CVE-2026-45291 | HIGH | 7.5 | Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on the affected versions … | Jun 05, 2026 |
| CVE-2026-45290 | HIGH | 7.5 | Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on the affected versions … | Jun 05, 2026 |
| CVE-2026-36501 | UNKNOWN | — | An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Jun 05, 2026 |
| CVE-2026-36500 | UNKNOWN | — | An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request. | Jun 05, 2026 |
| CVE-2026-2379 | MEDIUM | 5.9 | On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface … | Jun 05, 2026 |
| CVE-2026-11344 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration … | Jun 05, 2026 |
| CVE-2026-11342 | HIGH | 7.3 | A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of … | Jun 05, 2026 |
| CVE-2026-11341 | MEDIUM | 6.3 | A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of … | Jun 05, 2026 |
| CVE-2025-71318 | CRITICAL | 9.8 | NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, … | Jun 05, 2026 |
| CVE-2025-71317 | CRITICAL | 9.8 | NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the … | Jun 05, 2026 |
| CVE-2026-8714 | UNKNOWN | — | A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can … | Jun 05, 2026 |
| CVE-2026-7473 | MEDIUM | 5.8 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is … | Jun 05, 2026 |
| CVE-2026-48112 | MEDIUM | 6.5 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF … | Jun 05, 2026 |