Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40780 | HIGH | 7.5 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a … | Jun 02, 2026 |
| CVE-2026-40619 | HIGH | 7.8 | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main … | Jun 02, 2026 |
| CVE-2026-38978 | UNKNOWN | — | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. | Jun 02, 2026 |
| CVE-2026-35718 | UNKNOWN | — | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via … | Jun 02, 2026 |
| CVE-2026-35716 | UNKNOWN | — | A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an … | Jun 02, 2026 |
| CVE-2026-34460 | MEDIUM | 5.4 | NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging … | Jun 02, 2026 |
| CVE-2026-33398 | UNKNOWN | — | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled … | Jun 02, 2026 |
| CVE-2026-30652 | UNKNOWN | — | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows … | Jun 02, 2026 |
| CVE-2026-30650 | UNKNOWN | — | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw … | Jun 02, 2026 |
| CVE-2026-30649 | UNKNOWN | — | Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component | Jun 02, 2026 |
| CVE-2026-10629 | CRITICAL | 9.1 | SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path … | Jun 02, 2026 |
| CVE-2026-10591 | HIGH | 8.8 | Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands … | Jun 02, 2026 |
| CVE-2026-10047 | UNKNOWN | — | The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset … | Jun 02, 2026 |
| CVE-2026-10046 | UNKNOWN | — | Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes … | Jun 02, 2026 |
| CVE-2026-9844 | UNKNOWN | — | Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital … | Jun 02, 2026 |
| CVE-2026-7313 | HIGH | 8.7 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used … | Jun 02, 2026 |
| CVE-2026-7312 | CRITICAL | 10.0 | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to … | Jun 02, 2026 |
| CVE-2026-7201 | HIGH | 8.8 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote … | Jun 02, 2026 |
| CVE-2026-7198 | CRITICAL | 9.8 | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, … | Jun 02, 2026 |
| CVE-2026-7195 | HIGH | 8.8 | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, … | Jun 02, 2026 |
| CVE-2026-49782 | MEDIUM | 5.4 | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through … | Jun 02, 2026 |
| CVE-2026-43965 | UNKNOWN | — | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without … | Jun 02, 2026 |
| CVE-2026-42795 | UNKNOWN | — | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection … | Jun 02, 2026 |
| CVE-2026-41918 | MEDIUM | 5.7 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an … | Jun 02, 2026 |
| CVE-2026-39555 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1. | Jun 02, 2026 |