Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2019-25740 | MEDIUM | 6.5 | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST … | Jun 04, 2026 |
| CVE-2019-25739 | MEDIUM | 6.4 | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers … | Jun 04, 2026 |
| CVE-2019-25738 | CRITICAL | 9.8 | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can … | Jun 04, 2026 |
| CVE-2019-25737 | HIGH | 7.2 | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can … | Jun 04, 2026 |
| CVE-2019-25736 | HIGH | 8.4 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the … | Jun 04, 2026 |
| CVE-2019-25735 | HIGH | 8.4 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long … | Jun 04, 2026 |
| CVE-2019-25734 | MEDIUM | 4.0 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by … | Jun 04, 2026 |
| CVE-2019-25733 | HIGH | 8.4 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft … | Jun 04, 2026 |
| CVE-2019-25732 | HIGH | 8.2 | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search … | Jun 04, 2026 |
| CVE-2019-25731 | HIGH | 7.2 | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can … | Jun 04, 2026 |
| CVE-2019-25730 | HIGH | 8.2 | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … | Jun 04, 2026 |
| CVE-2019-25729 | CRITICAL | 9.8 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie … | Jun 04, 2026 |
| CVE-2019-25728 | HIGH | 8.2 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … | Jun 04, 2026 |
| CVE-2019-25727 | CRITICAL | 9.8 | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. … | Jun 04, 2026 |
| CVE-2019-25726 | HIGH | 8.2 | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 04, 2026 |
| CVE-2026-4104 | CRITICAL | 9.8 | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: … | Jun 04, 2026 |
| CVE-2026-45432 | UNKNOWN | — | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A … | Jun 04, 2026 |
| CVE-2026-45431 | UNKNOWN | — | This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An … | Jun 04, 2026 |
| CVE-2026-10843 | HIGH | 7.2 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions … | Jun 04, 2026 |
| CVE-2026-10840 | CRITICAL | 9.6 | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via … | Jun 04, 2026 |
| CVE-2026-10804 | LOW | 3.6 | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such … | Jun 04, 2026 |
| CVE-2026-10803 | LOW | 3.6 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest … | Jun 04, 2026 |
| CVE-2026-10802 | MEDIUM | 4.3 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. … | Jun 04, 2026 |
| CVE-2025-52612 | HIGH | 7.1 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an … | Jun 04, 2026 |
| CVE-2025-52611 | LOW | 3.1 | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the … | Jun 04, 2026 |