Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10694 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation … | Jun 03, 2026 |
| CVE-2026-10693 | MEDIUM | 6.3 | A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative … | Jun 03, 2026 |
| CVE-2026-9732 | MEDIUM | 4.3 | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, … | Jun 03, 2026 |
| CVE-2026-7421 | MEDIUM | 4.4 | The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the … | Jun 03, 2026 |
| CVE-2026-10692 | MEDIUM | 4.3 | A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the … | Jun 03, 2026 |
| CVE-2026-10691 | MEDIUM | 4.3 | A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. … | Jun 03, 2026 |
| CVE-2026-10690 | MEDIUM | 6.3 | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the … | Jun 03, 2026 |
| CVE-2026-44654 | UNKNOWN | — | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records … | Jun 02, 2026 |
| CVE-2026-44653 | MEDIUM | 6.5 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an … | Jun 02, 2026 |
| CVE-2026-42507 | MEDIUM | 5.3 | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading … | Jun 02, 2026 |
| CVE-2026-42504 | HIGH | 7.5 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. | Jun 02, 2026 |
| CVE-2026-41412 | MEDIUM | 4.9 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a … | Jun 02, 2026 |
| CVE-2026-40108 | UNKNOWN | — | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL … | Jun 02, 2026 |
| CVE-2026-35482 | HIGH | 8.0 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the … | Jun 02, 2026 |
| CVE-2026-32625 | CRITICAL | 9.6 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration … | Jun 02, 2026 |
| CVE-2026-31942 | HIGH | 7.1 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability … | Jun 02, 2026 |
| CVE-2026-27145 | UNKNOWN | — | (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same … | Jun 02, 2026 |
| CVE-2026-25861 | MEDIUM | 5.9 | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of … | Jun 02, 2026 |
| CVE-2026-10719 | UNKNOWN | — | Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory … | Jun 02, 2026 |
| CVE-2026-10718 | UNKNOWN | — | Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of … | Jun 02, 2026 |
| CVE-2026-10717 | UNKNOWN | — | Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds … | Jun 02, 2026 |
| CVE-2026-10688 | MEDIUM | 5.5 | A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the … | Jun 02, 2026 |
| CVE-2026-10662 | MEDIUM | 6.3 | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP … | Jun 02, 2026 |
| CVE-2026-8936 | UNKNOWN | — | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder … | Jun 02, 2026 |
| CVE-2026-42029 | UNKNOWN | — | Rejected reason: This CVE is a duplicate of another CVE. | Jun 02, 2026 |