Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45154 | LOW | 2.6 | Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective … | Jun 01, 2026 |
| CVE-2026-45153 | MEDIUM | 4.6 | Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be … | Jun 01, 2026 |
| CVE-2026-45132 | CRITICAL | 10.0 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access … | Jun 01, 2026 |
| CVE-2026-45131 | CRITICAL | 10.0 | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork … | Jun 01, 2026 |
| CVE-2026-44740 | MEDIUM | 6.5 | Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in … | Jun 01, 2026 |
| CVE-2026-44211 | CRITICAL | 9.6 | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack … | Jun 01, 2026 |
| CVE-2026-42679 | MEDIUM | 6.5 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: … | Jun 01, 2026 |
| CVE-2026-42678 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from … | Jun 01, 2026 |
| CVE-2026-42677 | HIGH | 7.5 | Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a … | Jun 01, 2026 |
| CVE-2026-42676 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4. | Jun 01, 2026 |
| CVE-2026-42675 | HIGH | 7.3 | Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41. | Jun 01, 2026 |
| CVE-2026-42674 | HIGH | 7.5 | Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0. | Jun 01, 2026 |
| CVE-2026-42673 | HIGH | 7.5 | Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded … | Jun 01, 2026 |
| CVE-2026-42672 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This … | Jun 01, 2026 |
| CVE-2026-42671 | MEDIUM | 6.5 | Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157. | Jun 01, 2026 |
| CVE-2026-38950 | HIGH | 7.8 | An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from … | Jun 01, 2026 |
| CVE-2026-37227 | HIGH | 7.5 | FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker … | Jun 01, 2026 |
| CVE-2026-37225 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP … | Jun 01, 2026 |
| CVE-2026-37224 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather … | Jun 01, 2026 |
| CVE-2026-37223 | HIGH | 7.5 | FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote … | Jun 01, 2026 |
| CVE-2026-37222 | HIGH | 7.5 | FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU … | Jun 01, 2026 |
| CVE-2026-10275 | MEDIUM | 5.0 | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation … | Jun 01, 2026 |
| CVE-2026-10274 | MEDIUM | 6.3 | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. … | Jun 01, 2026 |
| CVE-2026-10273 | HIGH | 7.3 | A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a … | Jun 01, 2026 |
| CVE-2026-10272 | MEDIUM | 6.5 | A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of … | Jun 01, 2026 |