Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20679
Total
1492
Critical
6280
High
6554
Medium
CVE ID Severity Score Description Published
CVE-2026-52701 MEDIUM 6.5 Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. Jun 26, 2026
CVE-2026-4339 MEDIUM 6.5 Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost … Jun 26, 2026
CVE-2026-45257 HIGH 7.8 The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does … Jun 26, 2026
CVE-2026-45256 MEDIUM 5.5 When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the … Jun 26, 2026
CVE-2026-3472 LOW 3.5 Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, … Jun 26, 2026
CVE-2026-30041 HIGH 7.5 An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service … Jun 26, 2026
CVE-2026-30040 MEDIUM 6.5 A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the … Jun 26, 2026
CVE-2026-24547 MEDIUM 5.3 Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. Jun 26, 2026
CVE-2025-68075 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. Jun 26, 2026
CVE-2025-68074 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. Jun 26, 2026
CVE-2025-68064 HIGH 7.5 Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. Jun 26, 2026
CVE-2025-68063 HIGH 7.5 Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. Jun 26, 2026
CVE-2025-68052 HIGH 8.8 Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. Jun 26, 2026
CVE-2025-66123 MEDIUM 5.3 Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. Jun 26, 2026
CVE-2025-64637 MEDIUM 5.3 Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. Jun 26, 2026
CVE-2025-64636 MEDIUM 5.3 Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. Jun 26, 2026
CVE-2025-63079 MEDIUM 4.3 Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. Jun 26, 2026
CVE-2025-63078 MEDIUM 4.3 Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. Jun 26, 2026
CVE-2025-63041 MEDIUM 5.4 Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. Jun 26, 2026
CVE-2026-57940 UNKNOWN HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to … Jun 26, 2026
CVE-2026-57926 LOW 2.6 In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack Jun 26, 2026
CVE-2026-57925 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags Jun 26, 2026
CVE-2026-57924 MEDIUM 4.3 In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details Jun 26, 2026
CVE-2026-57923 MEDIUM 5.3 In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings Jun 26, 2026
CVE-2026-57922 LOW 3.1 In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible Jun 26, 2026