Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-10694 HIGH 7.3 A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation … Jun 03, 2026
CVE-2026-10693 MEDIUM 6.3 A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative … Jun 03, 2026
CVE-2026-9732 MEDIUM 4.3 The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, … Jun 03, 2026
CVE-2026-7421 MEDIUM 4.4 The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the … Jun 03, 2026
CVE-2026-10692 MEDIUM 4.3 A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the … Jun 03, 2026
CVE-2026-10691 MEDIUM 4.3 A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. … Jun 03, 2026
CVE-2026-10690 MEDIUM 6.3 A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the … Jun 03, 2026
CVE-2026-44654 UNKNOWN LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records … Jun 02, 2026
CVE-2026-44653 MEDIUM 6.5 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an … Jun 02, 2026
CVE-2026-42507 MEDIUM 5.3 When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading … Jun 02, 2026
CVE-2026-42504 HIGH 7.5 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. Jun 02, 2026
CVE-2026-41412 MEDIUM 4.9 alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a … Jun 02, 2026
CVE-2026-40108 UNKNOWN GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL … Jun 02, 2026
CVE-2026-35482 HIGH 8.0 alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the … Jun 02, 2026
CVE-2026-32625 CRITICAL 9.6 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration … Jun 02, 2026
CVE-2026-31942 HIGH 7.1 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability … Jun 02, 2026
CVE-2026-27145 UNKNOWN (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same … Jun 02, 2026
CVE-2026-25861 MEDIUM 5.9 QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of … Jun 02, 2026
CVE-2026-10719 UNKNOWN Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory … Jun 02, 2026
CVE-2026-10718 UNKNOWN Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of … Jun 02, 2026
CVE-2026-10717 UNKNOWN Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds … Jun 02, 2026
CVE-2026-10688 MEDIUM 5.5 A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the … Jun 02, 2026
CVE-2026-10662 MEDIUM 6.3 A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP … Jun 02, 2026
CVE-2026-8936 UNKNOWN Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder … Jun 02, 2026
CVE-2026-42029 UNKNOWN Rejected reason: This CVE is a duplicate of another CVE. Jun 02, 2026