Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20470
Total
1466
Critical
6212
High
6509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53692 | UNKNOWN | — | Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, … | Jun 30, 2026 |
| CVE-2026-53691 | UNKNOWN | — | An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application … | Jun 30, 2026 |
| CVE-2026-53690 | UNKNOWN | — | An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize … | Jun 30, 2026 |
| CVE-2026-41053 | HIGH | 8.8 | Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, … | Jun 30, 2026 |
| CVE-2026-14162 | CRITICAL | 9.8 | Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. | Jun 30, 2026 |
| CVE-2026-14161 | HIGH | 7.5 | Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation. | Jun 30, 2026 |
| CVE-2026-13766 | CRITICAL | 9.8 | DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor … | Jun 30, 2026 |
| CVE-2026-54475 | HIGH | 7.5 | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection … | Jun 30, 2026 |
| CVE-2026-53917 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a … | Jun 30, 2026 |
| CVE-2026-53916 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection … | Jun 30, 2026 |
| CVE-2026-52760 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console … | Jun 30, 2026 |
| CVE-2026-50750 | HIGH | 7.5 | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker … | Jun 30, 2026 |
| CVE-2026-50734 | HIGH | 7.5 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS … | Jun 30, 2026 |
| CVE-2026-49877 | HIGH | 8.1 | Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty … | Jun 30, 2026 |
| CVE-2026-49434 | HIGH | 7.5 | Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP … | Jun 30, 2026 |
| CVE-2026-49432 | HIGH | 7.5 | Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can … | Jun 30, 2026 |
| CVE-2026-13316 | MEDIUM | 4.4 | A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal … | Jun 30, 2026 |
| CVE-2026-9711 | CRITICAL | 9.8 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up … | Jun 30, 2026 |
| CVE-2026-8141 | HIGH | 7.2 | The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and … | Jun 30, 2026 |
| CVE-2026-6954 | UNKNOWN | — | Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into … | Jun 30, 2026 |
| CVE-2026-6953 | UNKNOWN | — | HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim … | Jun 30, 2026 |
| CVE-2026-13149 | UNKNOWN | — | brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An … | Jun 30, 2026 |
| CVE-2026-12610 | MEDIUM | 6.4 | A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory … | Jun 30, 2026 |
| CVE-2026-12076 | UNKNOWN | — | Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements … | Jun 30, 2026 |
| CVE-2026-10763 | UNKNOWN | — | PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. | Jun 30, 2026 |