Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-3514 HIGH 7.5 In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the … Jun 02, 2026
CVE-2026-2425 MEDIUM 6.1 The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 … Jun 02, 2026
CVE-2026-2382 MEDIUM 6.4 The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions … Jun 02, 2026
CVE-2026-1784 HIGH 8.8 The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on … Jun 02, 2026
CVE-2026-1451 MEDIUM 6.1 The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient … Jun 02, 2026
CVE-2026-1450 MEDIUM 6.1 The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient … Jun 02, 2026
CVE-2025-5085 MEDIUM 5.5 The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 … Jun 02, 2026
CVE-2026-8293 HIGH 7.5 The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker … Jun 02, 2026
CVE-2026-8206 CRITICAL 9.8 The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 … Jun 02, 2026
CVE-2026-3198 MEDIUM 6.5 MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not … Jun 02, 2026
CVE-2026-10583 MEDIUM 4.7 A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of … Jun 02, 2026
CVE-2026-10581 MEDIUM 6.3 A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument … Jun 02, 2026
CVE-2026-3871 MEDIUM 6.5 A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary … Jun 02, 2026
CVE-2026-3870 MEDIUM 6.5 A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary … Jun 02, 2026
CVE-2026-3722 MEDIUM 6.4 The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin for WordPress is vulnerable to Stored Cross-Site … Jun 02, 2026
CVE-2026-10568 MEDIUM 6.3 A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID … Jun 02, 2026
CVE-2026-10567 LOW 3.5 A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. … Jun 02, 2026
CVE-2026-10566 MEDIUM 5.3 A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the … Jun 02, 2026
CVE-2026-10565 LOW 3.1 A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component … Jun 02, 2026
CVE-2026-10510 MEDIUM 6.1 Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in … Jun 02, 2026
CVE-2026-10100 MEDIUM 4.4 The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, … Jun 02, 2026
CVE-2026-10559 MEDIUM 6.3 A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation … Jun 02, 2026
CVE-2026-10558 MEDIUM 6.3 A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument … Jun 02, 2026
CVE-2026-10550 MEDIUM 6.3 A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment … Jun 02, 2026
CVE-2026-10548 MEDIUM 5.3 A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential … Jun 02, 2026