497 CVEs · High severity
Showing 1–25 of 497
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-49141 | HIGH | | 7.1 | 2026-06-08 | WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belon… |
| CVE-2026-48507 | HIGH | | 7.1 | 2026-06-08 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to l… |
| CVE-2026-46657 | HIGH | | 7.1 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via pe… |
| CVE-2026-34194 | HIGH | | 7.1 | 2026-06-08 | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocatio… |
| CVE-2026-11422 | HIGH | | 7.1 | 2026-06-05 | Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arb… |
| CVE-2026-11269 | HIGH | Patched | 7.1 | 2026-06-05 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a s… |
| CVE-2025-67448 | HIGH | | 7.1 | 2026-06-04 | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before… |
| CVE-2026-36176 | HIGH | | 7.1 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers t… |
| CVE-2025-52612 | HIGH | | 7.1 | 2026-06-04 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficien… |
| CVE-2026-8874 | HIGH | | 7.1 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpo… |
| CVE-2026-36606 | HIGH | | 7.1 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtain… |
| CVE-2025-15654 | HIGH | | 7.1 | 2026-06-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: fr… |
| CVE-2026-31942 | HIGH | Patched | 7.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability … |
| CVE-2026-8035 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer derefere… |
| CVE-2026-8036 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability … |
| CVE-2026-42654 | HIGH | | 7.1 | 2026-06-02 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects… |
| CVE-2026-42685 | HIGH | | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job P… |
| CVE-2025-52759 | HIGH | | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects … |
| CVE-2026-11577 | HIGH | | 7.2 | 2026-06-08 | A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This al… |
| CVE-2023-54351 | HIGH | | 7.2 | 2026-06-08 | WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment… |
| CVE-2026-9851 | HIGH | | 7.2 | 2026-06-06 | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capab… |
| CVE-2026-7537 | HIGH | | 7.2 | 2026-06-06 | The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. T… |
| CVE-2026-8901 | HIGH | | 7.2 | 2026-06-06 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submi… |
| CVE-2026-8438 | HIGH | | 7.2 | 2026-06-06 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due … |
| CVE-2026-50231 | HIGH | | 7.2 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by explo… |