Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10860 | UNKNOWN | — | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to … | Jun 04, 2026 |
| CVE-2026-10812 | LOW | 3.6 | A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component … | Jun 04, 2026 |
| CVE-2026-10811 | MEDIUM | 6.3 | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such … | Jun 04, 2026 |
| CVE-2026-8762 | UNKNOWN | — | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement … | Jun 04, 2026 |
| CVE-2026-8037 | CRITICAL | 9.6 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance … | Jun 04, 2026 |
| CVE-2026-45433 | UNKNOWN | — | This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker … | Jun 04, 2026 |
| CVE-2026-43926 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API … | Jun 04, 2026 |
| CVE-2026-40605 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion … | Jun 04, 2026 |
| CVE-2026-10861 | UNKNOWN | — | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without … | Jun 04, 2026 |
| CVE-2026-10856 | UNKNOWN | — | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted … | Jun 04, 2026 |
| CVE-2026-10855 | UNKNOWN | — | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … | Jun 04, 2026 |
| CVE-2026-10854 | UNKNOWN | — | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder … | Jun 04, 2026 |
| CVE-2026-10810 | MEDIUM | 4.3 | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of … | Jun 04, 2026 |
| CVE-2026-10809 | MEDIUM | 6.3 | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the … | Jun 04, 2026 |
| CVE-2026-10808 | MEDIUM | 6.3 | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID … | Jun 04, 2026 |
| CVE-2026-10807 | MEDIUM | 6.3 | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image … | Jun 04, 2026 |
| CVE-2026-10806 | MEDIUM | 6.3 | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post … | Jun 04, 2026 |
| CVE-2025-62338 | LOW | 3.3 | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. | Jun 04, 2026 |
| CVE-2025-59874 | HIGH | 8.1 | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing … | Jun 04, 2026 |
| CVE-2025-46638 | HIGH | 7.5 | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a … | Jun 04, 2026 |
| CVE-2019-25745 | HIGH | 8.2 | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code … | Jun 04, 2026 |
| CVE-2019-25744 | MEDIUM | 6.4 | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in … | Jun 04, 2026 |
| CVE-2019-25743 | MEDIUM | 6.4 | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post … | Jun 04, 2026 |
| CVE-2019-25742 | MEDIUM | 6.4 | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field … | Jun 04, 2026 |
| CVE-2019-25741 | CRITICAL | 9.8 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to … | Jun 04, 2026 |