Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23596
Total
1679
Critical
7415
High
7509
Medium
CVE ID Severity Score Description Published
CVE-2026-10860 UNKNOWN A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to … Jun 04, 2026
CVE-2026-10812 LOW 3.6 A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component … Jun 04, 2026
CVE-2026-10811 MEDIUM 6.3 A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such … Jun 04, 2026
CVE-2026-8762 UNKNOWN Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement … Jun 04, 2026
CVE-2026-8037 CRITICAL 9.6 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance … Jun 04, 2026
CVE-2026-45433 UNKNOWN This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker … Jun 04, 2026
CVE-2026-43926 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API … Jun 04, 2026
CVE-2026-40605 UNKNOWN Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion … Jun 04, 2026
CVE-2026-10861 UNKNOWN An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without … Jun 04, 2026
CVE-2026-10856 UNKNOWN A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted … Jun 04, 2026
CVE-2026-10855 UNKNOWN An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … Jun 04, 2026
CVE-2026-10854 UNKNOWN A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder … Jun 04, 2026
CVE-2026-10810 MEDIUM 4.3 A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of … Jun 04, 2026
CVE-2026-10809 MEDIUM 6.3 A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the … Jun 04, 2026
CVE-2026-10808 MEDIUM 6.3 A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID … Jun 04, 2026
CVE-2026-10807 MEDIUM 6.3 A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image … Jun 04, 2026
CVE-2026-10806 MEDIUM 6.3 A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post … Jun 04, 2026
CVE-2025-62338 LOW 3.3 HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. Jun 04, 2026
CVE-2025-59874 HIGH 8.1 HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing … Jun 04, 2026
CVE-2025-46638 HIGH 7.5 Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a … Jun 04, 2026
CVE-2019-25745 HIGH 8.2 WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code … Jun 04, 2026
CVE-2019-25744 MEDIUM 6.4 WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in … Jun 04, 2026
CVE-2019-25743 MEDIUM 6.4 WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post … Jun 04, 2026
CVE-2019-25742 MEDIUM 6.4 WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field … Jun 04, 2026
CVE-2019-25741 CRITICAL 9.8 Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to … Jun 04, 2026