Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10289 | MEDIUM | 4.3 | A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a … | Jun 01, 2026 |
| CVE-2026-10288 | HIGH | 7.3 | A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component … | Jun 01, 2026 |
| CVE-2026-10287 | HIGH | 7.3 | A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the … | Jun 01, 2026 |
| CVE-2026-10286 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results … | Jun 01, 2026 |
| CVE-2026-10285 | MEDIUM | 5.4 | A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the … | Jun 01, 2026 |
| CVE-2026-10284 | MEDIUM | 5.4 | A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the … | Jun 01, 2026 |
| CVE-2025-70099 | HIGH | 7.5 | A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially … | Jun 01, 2026 |
| CVE-2021-46747 | UNKNOWN | — | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System … | Jun 01, 2026 |
| CVE-2026-9614 | HIGH | 8.8 | An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access. | Jun 01, 2026 |
| CVE-2026-9330 | HIGH | 8.5 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. … | Jun 01, 2026 |
| CVE-2026-9319 | CRITICAL | 9.0 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | Jun 01, 2026 |
| CVE-2026-9311 | CRITICAL | 9.0 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | Jun 01, 2026 |
| CVE-2026-8644 | CRITICAL | 9.1 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | Jun 01, 2026 |
| CVE-2026-7770 | HIGH | 8.8 | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests … | Jun 01, 2026 |
| CVE-2026-49121 | HIGH | 8.1 | AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote … | Jun 01, 2026 |
| CVE-2026-47294 | HIGH | 8.0 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Jun 01, 2026 |
| CVE-2026-45810 | MEDIUM | 6.8 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check … | Jun 01, 2026 |
| CVE-2026-45729 | MEDIUM | 4.3 | Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes … | Jun 01, 2026 |
| CVE-2026-45727 | UNKNOWN | — | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as … | Jun 01, 2026 |
| CVE-2026-45722 | HIGH | 7.1 | Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables … | Jun 01, 2026 |
| CVE-2026-45691 | MEDIUM | 5.9 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session … | Jun 01, 2026 |
| CVE-2026-45690 | MEDIUM | 5.9 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass … | Jun 01, 2026 |
| CVE-2026-45545 | HIGH | 8.2 | Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to … | Jun 01, 2026 |
| CVE-2026-45544 | MEDIUM | 4.3 | Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only … | Jun 01, 2026 |
| CVE-2026-45543 | MEDIUM | 5.3 | Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent … | Jun 01, 2026 |