Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2025-41259 UNKNOWN SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted … Jun 03, 2026
CVE-2026-47065 CRITICAL 9.8 ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy … Jun 03, 2026
CVE-2026-41032 HIGH 7.5 It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. Jun 03, 2026
CVE-2025-15656 HIGH 8.8 Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. Jun 03, 2026
CVE-2025-15655 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: … Jun 03, 2026
CVE-2025-14774 HIGH 7.4 Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Jun 03, 2026
CVE-2025-14773 HIGH 8.0 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Jun 03, 2026
CVE-2025-14772 HIGH 8.8 Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Jun 03, 2026
CVE-2025-14771 CRITICAL 9.9 Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Jun 03, 2026
CVE-2026-4035 CRITICAL 9.1 A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate … Jun 03, 2026
CVE-2025-15654 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8. Jun 03, 2026
CVE-2026-5078 MEDIUM 5.3 Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without … Jun 03, 2026
CVE-2026-50052 UNKNOWN In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync … Jun 03, 2026
CVE-2026-50031 HIGH 7.5 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for … Jun 03, 2026
CVE-2026-10705 LOW 3.1 A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component … Jun 03, 2026
CVE-2026-10704 HIGH 7.3 A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component … Jun 03, 2026
CVE-2026-10703 MEDIUM 6.3 A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData … Jun 03, 2026
CVE-2026-9516 HIGH 7.5 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading … Jun 03, 2026
CVE-2026-9334 HIGH 7.3 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array … Jun 03, 2026
CVE-2026-10694 HIGH 7.3 A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation … Jun 03, 2026
CVE-2026-10693 MEDIUM 6.3 A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative … Jun 03, 2026
CVE-2026-9732 MEDIUM 4.3 The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, … Jun 03, 2026
CVE-2026-7421 MEDIUM 4.4 The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the … Jun 03, 2026
CVE-2026-10692 MEDIUM 4.3 A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the … Jun 03, 2026
CVE-2026-10691 MEDIUM 4.3 A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. … Jun 03, 2026