Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20470
Total
1466
Critical
6212
High
6509
Medium
CVE ID Severity Score Description Published
CVE-2026-53692 UNKNOWN Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, … Jun 30, 2026
CVE-2026-53691 UNKNOWN An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application … Jun 30, 2026
CVE-2026-53690 UNKNOWN An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize … Jun 30, 2026
CVE-2026-41053 HIGH 8.8 Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, … Jun 30, 2026
CVE-2026-14162 CRITICAL 9.8 Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. Jun 30, 2026
CVE-2026-14161 HIGH 7.5 Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. Jun 30, 2026
CVE-2026-13766 CRITICAL 9.8 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor … Jun 30, 2026
CVE-2026-54475 HIGH 7.5 Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection … Jun 30, 2026
CVE-2026-53917 HIGH 7.5 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a … Jun 30, 2026
CVE-2026-53916 HIGH 7.5 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection … Jun 30, 2026
CVE-2026-52760 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console … Jun 30, 2026
CVE-2026-50750 HIGH 7.5 Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker … Jun 30, 2026
CVE-2026-50734 HIGH 7.5 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS … Jun 30, 2026
CVE-2026-49877 HIGH 8.1 Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty … Jun 30, 2026
CVE-2026-49434 HIGH 7.5 Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP … Jun 30, 2026
CVE-2026-49432 HIGH 7.5 Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can … Jun 30, 2026
CVE-2026-13316 MEDIUM 4.4 A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal … Jun 30, 2026
CVE-2026-9711 CRITICAL 9.8 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up … Jun 30, 2026
CVE-2026-8141 HIGH 7.2 The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and … Jun 30, 2026
CVE-2026-6954 UNKNOWN Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into … Jun 30, 2026
CVE-2026-6953 UNKNOWN HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim … Jun 30, 2026
CVE-2026-13149 UNKNOWN brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An … Jun 30, 2026
CVE-2026-12610 MEDIUM 6.4 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory … Jun 30, 2026
CVE-2026-12076 UNKNOWN Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements … Jun 30, 2026
CVE-2026-10763 UNKNOWN PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. Jun 30, 2026