Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23889
Total
1707
Critical
7494
High
7633
Medium
CVE ID Severity Score Description Published
CVE-2019-25733 HIGH 8.4 NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft … Jun 04, 2026
CVE-2019-25732 HIGH 8.2 PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search … Jun 04, 2026
CVE-2019-25731 HIGH 7.2 Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can … Jun 04, 2026
CVE-2019-25730 HIGH 8.2 Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id … Jun 04, 2026
CVE-2019-25729 CRITICAL 9.8 PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie … Jun 04, 2026
CVE-2019-25728 HIGH 8.2 Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … Jun 04, 2026
CVE-2019-25727 CRITICAL 9.8 WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. … Jun 04, 2026
CVE-2019-25726 HIGH 8.2 All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … Jun 04, 2026
CVE-2026-4104 CRITICAL 9.8 Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: … Jun 04, 2026
CVE-2026-45432 UNKNOWN This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A … Jun 04, 2026
CVE-2026-45431 UNKNOWN This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An … Jun 04, 2026
CVE-2026-10843 HIGH 7.2 A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions … Jun 04, 2026
CVE-2026-10840 CRITICAL 9.6 A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via … Jun 04, 2026
CVE-2026-10804 LOW 3.6 A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such … Jun 04, 2026
CVE-2026-10803 LOW 3.6 A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest … Jun 04, 2026
CVE-2026-10802 MEDIUM 4.3 A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. … Jun 04, 2026
CVE-2025-52612 HIGH 7.1 HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an … Jun 04, 2026
CVE-2025-52611 LOW 3.1 HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the … Jun 04, 2026
CVE-2025-52609 LOW 3.7 HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern … Jun 04, 2026
CVE-2025-52608 LOW 3.1 HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. … Jun 04, 2026
CVE-2025-52606 MEDIUM 4.3 HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected … Jun 04, 2026
CVE-2025-12694 UNKNOWN A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN … Jun 04, 2026
CVE-2026-49077 MEDIUM 5.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue … Jun 04, 2026
CVE-2026-10801 LOW 3.6 A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL … Jun 04, 2026
CVE-2026-8916 MEDIUM 6.1 Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. Jun 04, 2026