Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-45154 LOW 2.6 Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective … Jun 01, 2026
CVE-2026-45153 MEDIUM 4.6 Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be … Jun 01, 2026
CVE-2026-45132 CRITICAL 10.0 CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access … Jun 01, 2026
CVE-2026-45131 CRITICAL 10.0 CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork … Jun 01, 2026
CVE-2026-44740 MEDIUM 6.5 Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in … Jun 01, 2026
CVE-2026-44211 CRITICAL 9.6 Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack … Jun 01, 2026
CVE-2026-42679 MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: … Jun 01, 2026
CVE-2026-42678 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from … Jun 01, 2026
CVE-2026-42677 HIGH 7.5 Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a … Jun 01, 2026
CVE-2026-42676 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4. Jun 01, 2026
CVE-2026-42675 HIGH 7.3 Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41. Jun 01, 2026
CVE-2026-42674 HIGH 7.5 Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0. Jun 01, 2026
CVE-2026-42673 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded … Jun 01, 2026
CVE-2026-42672 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This … Jun 01, 2026
CVE-2026-42671 MEDIUM 6.5 Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157. Jun 01, 2026
CVE-2026-38950 HIGH 7.8 An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from … Jun 01, 2026
CVE-2026-37227 HIGH 7.5 FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker … Jun 01, 2026
CVE-2026-37225 HIGH 7.5 FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP … Jun 01, 2026
CVE-2026-37224 HIGH 7.5 FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather … Jun 01, 2026
CVE-2026-37223 HIGH 7.5 FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote … Jun 01, 2026
CVE-2026-37222 HIGH 7.5 FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU … Jun 01, 2026
CVE-2026-10275 MEDIUM 5.0 A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation … Jun 01, 2026
CVE-2026-10274 MEDIUM 6.3 A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. … Jun 01, 2026
CVE-2026-10273 HIGH 7.3 A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a … Jun 01, 2026
CVE-2026-10272 MEDIUM 6.5 A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of … Jun 01, 2026