Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-52701 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. | Jun 26, 2026 |
| CVE-2026-4339 | MEDIUM | 6.5 | Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost … | Jun 26, 2026 |
| CVE-2026-45257 | HIGH | 7.8 | The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does … | Jun 26, 2026 |
| CVE-2026-45256 | MEDIUM | 5.5 | When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the … | Jun 26, 2026 |
| CVE-2026-3472 | LOW | 3.5 | Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, … | Jun 26, 2026 |
| CVE-2026-30041 | HIGH | 7.5 | An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service … | Jun 26, 2026 |
| CVE-2026-30040 | MEDIUM | 6.5 | A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the … | Jun 26, 2026 |
| CVE-2026-24547 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | Jun 26, 2026 |
| CVE-2025-68075 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions. | Jun 26, 2026 |
| CVE-2025-68074 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | Jun 26, 2026 |
| CVE-2025-68064 | HIGH | 7.5 | Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. | Jun 26, 2026 |
| CVE-2025-68063 | HIGH | 7.5 | Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | Jun 26, 2026 |
| CVE-2025-68052 | HIGH | 8.8 | Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. | Jun 26, 2026 |
| CVE-2025-66123 | MEDIUM | 5.3 | Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | Jun 26, 2026 |
| CVE-2025-64637 | MEDIUM | 5.3 | Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. | Jun 26, 2026 |
| CVE-2025-64636 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | Jun 26, 2026 |
| CVE-2025-63079 | MEDIUM | 4.3 | Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | Jun 26, 2026 |
| CVE-2025-63078 | MEDIUM | 4.3 | Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | Jun 26, 2026 |
| CVE-2025-63041 | MEDIUM | 5.4 | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | Jun 26, 2026 |
| CVE-2026-57940 | UNKNOWN | — | HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to … | Jun 26, 2026 |
| CVE-2026-57926 | LOW | 2.6 | In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack | Jun 26, 2026 |
| CVE-2026-57925 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | Jun 26, 2026 |
| CVE-2026-57924 | MEDIUM | 4.3 | In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | Jun 26, 2026 |
| CVE-2026-57923 | MEDIUM | 5.3 | In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings | Jun 26, 2026 |
| CVE-2026-57922 | LOW | 3.1 | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | Jun 26, 2026 |