| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12862 | — | 0.00 | — | 0.00 | Jun 22, 2026 | Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file. | ||
| CVE-2025-4994 | 0.00 | — | 0.00 | Jun 22, 2026 | The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy… | |||
| CVE-2025-62198 | 0.00 | — | 0.00 | Jun 22, 2026 | An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue. | |||
| CVE-2026-44914 | 0.00 | — | 0.00 | Jun 22, 2026 | Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework… | |||
| CVE-2026-44911 | 0.00 | — | 0.00 | Jun 22, 2026 | Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to… | |||
| CVE-2026-44913 | 0.00 | — | 0.00 | Jun 22, 2026 | Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection… | |||
| CVE-2026-54665 | 0.00 | — | 0.00 | Jun 22, 2026 | Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict… | |||
| CVE-2025-66336 | 0.00 | — | 0.00 | Jun 22, 2026 | Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated… | |||
| CVE-2026-8157 | 0.00 | — | 0.00 | Jun 22, 2026 | The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to… | |||
| CVE-2026-7859 | 0.00 | — | 0.00 | Jun 22, 2026 | The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices. | |||
| CVE-2026-6858 | 0.00 | — | 0.00 | Jun 22, 2026 | The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator | |||
| CVE-2026-4259 | 0.00 | — | 0.00 | Jun 22, 2026 | The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||
| CVE-2026-4110 | 0.00 | — | 0.00 | Jun 22, 2026 | The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||
| CVE-2026-10530 | 0.00 | — | 0.00 | Jun 22, 2026 | The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox. | |||
| CVE-2026-6645 | 0.00 | — | 0.00 | Jun 22, 2026 | An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a… | |||
| CVE-2026-11748 | 0.00 | — | 0.00 | Jun 22, 2026 | A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated… | |||
| CVE-2026-11746 | 0.00 | — | 0.00 | Jun 22, 2026 | A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the… | |||
| CVE-2026-11745 | 0.00 | — | 0.00 | Jun 22, 2026 | A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored… | |||
| CVE-2026-8918 | — | 0.00 | — | 0.00 | Jun 22, 2026 | A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the… | ||
| CVE-2025-66389 | 0.00 | — | 0.01 | Jun 22, 2026 | GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection. | |||
| CVE-2026-12892 | — | mod | 0.29 | 4.4 | 0.00 | Jun 22, 2026 | gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in H.264 NAL extension slice parser | |
| CVE-2026-12823 | 0.00 | — | 0.00 | Jun 21, 2026 | A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released… | |||
| CVE-2026-12822 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but… | |||
| CVE-2026-12821 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to… | |||
| CVE-2026-12815 | 0.00 | — | 0.01 | Jun 21, 2026 | A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did… | |||
| CVE-2026-12814 | 0.00 | — | 0.01 | Jun 21, 2026 | A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is… | |||
| CVE-2026-12813 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery.… | |||
| CVE-2026-12812 | 0.00 | — | 0.00 | Jun 21, 2026 | A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed… | |||
| CVE-2026-12811 | 0.00 | — | 0.00 | Jun 21, 2026 | A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross… | |||
| CVE-2026-12810 | 0.00 | — | 0.01 | Jun 21, 2026 | A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be… | |||
| CVE-2026-12809 | 0.00 | — | 0.01 | Jun 21, 2026 | A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched… | |||
| CVE-2026-12808 | 0.00 | — | 0.01 | Jun 21, 2026 | A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The… | |||
| CVE-2026-12807 | 0.00 | — | 0.01 | Jun 21, 2026 | A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch… | |||
| CVE-2026-12806 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to… | |||
| CVE-2026-12805 | 0.00 | — | 0.00 | Jun 21, 2026 | A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been… | |||
| CVE-2026-12804 | 0.00 | — | 0.00 | Jun 21, 2026 | A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open… | |||
| CVE-2026-56412 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix… | |||
| CVE-2026-56411 | 0.00 | — | 0.00 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | |||
| CVE-2026-56410 | 0.00 | — | 0.00 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | |||
| CVE-2026-56409 | 0.00 | — | 0.00 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | |||
| CVE-2026-56408 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in copyString. | |||
| CVE-2026-56407 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | |||
| CVE-2026-56406 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | |||
| CVE-2026-56405 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | |||
| CVE-2026-56404 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in addBinding. | |||
| CVE-2026-56403 | 0.00 | — | 0.00 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in storeAtts. | |||
| CVE-2026-56397 | 0.00 | — | 0.00 | Jun 21, 2026 | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads… | |||
| CVE-2026-56396 | 0.00 | — | 0.00 | Jun 21, 2026 | phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights… | |||
| CVE-2026-56395 | 0.00 | — | 0.00 | Jun 21, 2026 | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads… | |||
| CVE-2026-56394 | 0.00 | — | 0.00 | Jun 21, 2026 | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to… |
- CVE-2026-12862Jun 22, 2026risk 0.00cvss —epss 0.00
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.
- CVE-2025-4994Jun 22, 2026risk 0.00cvss —epss 0.00
The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy…
- CVE-2025-62198Jun 22, 2026risk 0.00cvss —epss 0.00
An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
- CVE-2026-44914Jun 22, 2026risk 0.00cvss —epss 0.00
Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework…
- CVE-2026-44911Jun 22, 2026risk 0.00cvss —epss 0.00
Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to…
- CVE-2026-44913Jun 22, 2026risk 0.00cvss —epss 0.00
Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection…
- CVE-2026-54665Jun 22, 2026risk 0.00cvss —epss 0.00
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict…
- CVE-2025-66336Jun 22, 2026risk 0.00cvss —epss 0.00
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated…
- CVE-2026-8157Jun 22, 2026risk 0.00cvss —epss 0.00
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to…
- CVE-2026-7859Jun 22, 2026risk 0.00cvss —epss 0.00
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.
- CVE-2026-6858Jun 22, 2026risk 0.00cvss —epss 0.00
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator
- CVE-2026-4259Jun 22, 2026risk 0.00cvss —epss 0.00
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- CVE-2026-4110Jun 22, 2026risk 0.00cvss —epss 0.00
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- CVE-2026-10530Jun 22, 2026risk 0.00cvss —epss 0.00
The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox.
- CVE-2026-6645Jun 22, 2026risk 0.00cvss —epss 0.00
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a…
- CVE-2026-11748Jun 22, 2026risk 0.00cvss —epss 0.00
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated…
- CVE-2026-11746Jun 22, 2026risk 0.00cvss —epss 0.00
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the…
- CVE-2026-11745Jun 22, 2026risk 0.00cvss —epss 0.00
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored…
- CVE-2026-8918Jun 22, 2026risk 0.00cvss —epss 0.00
A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the…
- CVE-2025-66389Jun 22, 2026risk 0.00cvss —epss 0.01
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
- risk 0.29cvss 4.4epss 0.00
gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in H.264 NAL extension slice parser
- CVE-2026-12823Jun 21, 2026risk 0.00cvss —epss 0.00
A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released…
- CVE-2026-12822Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but…
- CVE-2026-12821Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to…
- CVE-2026-12815Jun 21, 2026risk 0.00cvss —epss 0.01
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did…
- CVE-2026-12814Jun 21, 2026risk 0.00cvss —epss 0.01
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is…
- CVE-2026-12813Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery.…
- CVE-2026-12812Jun 21, 2026risk 0.00cvss —epss 0.00
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed…
- CVE-2026-12811Jun 21, 2026risk 0.00cvss —epss 0.00
A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross…
- CVE-2026-12810Jun 21, 2026risk 0.00cvss —epss 0.01
A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be…
- CVE-2026-12809Jun 21, 2026risk 0.00cvss —epss 0.01
A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched…
- CVE-2026-12808Jun 21, 2026risk 0.00cvss —epss 0.01
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The…
- CVE-2026-12807Jun 21, 2026risk 0.00cvss —epss 0.01
A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch…
- CVE-2026-12806Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to…
- CVE-2026-12805Jun 21, 2026risk 0.00cvss —epss 0.00
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been…
- CVE-2026-12804Jun 21, 2026risk 0.00cvss —epss 0.00
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open…
- CVE-2026-56412Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix…
- CVE-2026-56411Jun 21, 2026risk 0.00cvss —epss 0.00
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
- CVE-2026-56410Jun 21, 2026risk 0.00cvss —epss 0.00
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
- CVE-2026-56409Jun 21, 2026risk 0.00cvss —epss 0.00
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
- CVE-2026-56408Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in copyString.
- CVE-2026-56407Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
- CVE-2026-56406Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
- CVE-2026-56405Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in getAttributeId.
- CVE-2026-56404Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in addBinding.
- CVE-2026-56403Jun 21, 2026risk 0.00cvss —epss 0.00
libexpat before 2.8.2 has an integer overflow in storeAtts.
- CVE-2026-56397Jun 21, 2026risk 0.00cvss —epss 0.00
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads…
- CVE-2026-56396Jun 21, 2026risk 0.00cvss —epss 0.00
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights…
- CVE-2026-56395Jun 21, 2026risk 0.00cvss —epss 0.00
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads…
- CVE-2026-56394Jun 21, 2026risk 0.00cvss —epss 0.00
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to…