| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42530 | — | 0.00 | — | 0.03 | Jun 17, 2026 | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK… | ||
| CVE-2026-54236 | 0.00 | — | 0.01 | Jun 17, 2026 | # vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router **Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research **Severity:** CVSS 3.1 5.3 (Medium) `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` **Target:**… | |||
| CVE-2026-53923 | 0.00 | — | 0.00 | Jun 17, 2026 | ## Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (`csrc/quantization/gguf/gguf_kernel.cu`) causes partial tensor processing. The output tensor is allocated at full size via `torch::empty` (uninitialized memory), but the dequantize CUDA kernel… | |||
| CVE-2026-48117 | 0.00 | — | 0.00 | Jun 17, 2026 | DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the… | |||
| CVE-2026-54235 | 0.00 | — | 0.00 | Jun 17, 2026 | ## Summary All temperature validation gates use comparison operators (`<`, `>`), which silently evaluate to `False` for `NaN` and for positive `Infinity` in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce… | |||
| CVE-2026-54761 | 0.00 | — | 0.00 | Jun 17, 2026 | ## Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the `crossProviderNamespaces` allowlist. For `HTTPRoute` rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target `backendRef.namespace`… | |||
| CVE-2026-53765 | 0.00 | — | 0.00 | Jun 17, 2026 | ### Summary The chrome-devtools-mcp daemon writes its PID file with `fs.writeFileSync()` to a deterministic runtime path. On typical macOS environments, and on Linux sessions where `$XDG_RUNTIME_DIR` is unset, that runtime path falls back to… | |||
| CVE-2026-54325 | 0.00 | — | 0.00 | Jun 17, 2026 | # Pi loads project-local extensions without approval Pi before 0.79.0 loaded project-local configuration and resources from a repository's `.pi` directory without first asking the user to trust that repository. This included project-local extensions, which are executable… | |||
| CVE-2026-54328 | hig | 0.39 | — | 0.00 | Jun 17, 2026 | # Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a… | ||
| CVE-2026-54327 | low | 0.00 | — | 0.00 | Jun 17, 2026 | # Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before… | ||
| CVE-2026-54809 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | |||
| CVE-2026-54808 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | |||
| CVE-2025-69189 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3. | |||
| CVE-2025-69128 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3. | |||
| CVE-2025-60236 | 0.00 | — | 0.00 | Jun 17, 2026 | Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5. | |||
| CVE-2025-60231 | 0.00 | — | 0.00 | Jun 17, 2026 | Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1. | |||
| CVE-2026-55738 | 0.00 | — | 0.01 | Jun 17, 2026 | A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format… | |||
| CVE-2026-54813 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | |||
| CVE-2026-9591 | 0.00 | — | 0.00 | Jun 17, 2026 | Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to `/api/news-items`, due to missing anti-CSRF… | |||
| CVE-2026-54814 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | |||
| CVE-2026-54815 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | |||
| CVE-2026-54816 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. | |||
| CVE-2026-54817 | 0.00 | — | 0.00 | Jun 17, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4. | |||
| CVE-2026-54818 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | |||
| CVE-2026-54417 | 0.00 | — | 0.00 | Jun 17, 2026 | An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as… | |||
| CVE-2026-54819 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | |||
| CVE-2025-60230 | 0.00 | — | 0.00 | Jun 17, 2026 | Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | |||
| CVE-2026-10641 | 0.00 | — | 0.00 | Jun 17, 2026 | Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cind_handle(), which assigns a… | |||
| CVE-2025-60229 | 0.00 | — | 0.00 | Jun 17, 2026 | Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | |||
| CVE-2026-49268 | 0.00 | — | 0.00 | Jun 17, 2026 | A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an… | |||
| CVE-2026-52716 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | |||
| CVE-2026-52707 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | |||
| CVE-2026-49108 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | |||
| CVE-2026-40757 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. | |||
| CVE-2026-40756 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | |||
| CVE-2026-40752 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions. | |||
| CVE-2026-40738 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions. | |||
| CVE-2026-40733 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | |||
| CVE-2026-40720 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. | |||
| CVE-2026-39590 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. | |||
| CVE-2026-39576 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | |||
| CVE-2026-39560 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | |||
| CVE-2026-39559 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions. | |||
| CVE-2026-39556 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | |||
| CVE-2026-39523 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | |||
| CVE-2026-39445 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions. | |||
| CVE-2026-39442 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions. | |||
| CVE-2025-69175 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions. | |||
| CVE-2025-69174 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Etude <= 1.6 versions. | |||
| CVE-2025-69170 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. |
- CVE-2026-42530Jun 17, 2026risk 0.00cvss —epss 0.03
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK…
- CVE-2026-54236Jun 17, 2026risk 0.00cvss —epss 0.01
# vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router **Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research **Severity:** CVSS 3.1 5.3 (Medium) `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` **Target:**…
- CVE-2026-53923Jun 17, 2026risk 0.00cvss —epss 0.00
## Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (`csrc/quantization/gguf/gguf_kernel.cu`) causes partial tensor processing. The output tensor is allocated at full size via `torch::empty` (uninitialized memory), but the dequantize CUDA kernel…
- CVE-2026-48117Jun 17, 2026risk 0.00cvss —epss 0.00
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the…
- CVE-2026-54235Jun 17, 2026risk 0.00cvss —epss 0.00
## Summary All temperature validation gates use comparison operators (`<`, `>`), which silently evaluate to `False` for `NaN` and for positive `Infinity` in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce…
- CVE-2026-54761Jun 17, 2026risk 0.00cvss —epss 0.00
## Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the `crossProviderNamespaces` allowlist. For `HTTPRoute` rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target `backendRef.namespace`…
- CVE-2026-53765Jun 17, 2026risk 0.00cvss —epss 0.00
### Summary The chrome-devtools-mcp daemon writes its PID file with `fs.writeFileSync()` to a deterministic runtime path. On typical macOS environments, and on Linux sessions where `$XDG_RUNTIME_DIR` is unset, that runtime path falls back to…
- CVE-2026-54325Jun 17, 2026risk 0.00cvss —epss 0.00
# Pi loads project-local extensions without approval Pi before 0.79.0 loaded project-local configuration and resources from a repository's `.pi` directory without first asking the user to trust that repository. This included project-local extensions, which are executable…
- risk 0.39cvss —epss 0.00
# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a…
- risk 0.00cvss —epss 0.00
# Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before…
- CVE-2026-54809Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.
- CVE-2026-54808Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.
- CVE-2025-69189Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.
- CVE-2025-69128Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
- CVE-2025-60236Jun 17, 2026risk 0.00cvss —epss 0.00
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5.
- CVE-2025-60231Jun 17, 2026risk 0.00cvss —epss 0.00
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1.
- CVE-2026-55738Jun 17, 2026risk 0.00cvss —epss 0.01
A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format…
- CVE-2026-54813Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.
- CVE-2026-9591Jun 17, 2026risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to `/api/news-items`, due to missing anti-CSRF…
- CVE-2026-54814Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109.
- CVE-2026-54815Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6.
- CVE-2026-54816Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.
- CVE-2026-54817Jun 17, 2026risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4.
- CVE-2026-54818Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.
- CVE-2026-54417Jun 17, 2026risk 0.00cvss —epss 0.00
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as…
- CVE-2026-54819Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0.
- CVE-2025-60230Jun 17, 2026risk 0.00cvss —epss 0.00
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.
- CVE-2026-10641Jun 17, 2026risk 0.00cvss —epss 0.00
Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cind_handle(), which assigns a…
- CVE-2025-60229Jun 17, 2026risk 0.00cvss —epss 0.00
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0.
- CVE-2026-49268Jun 17, 2026risk 0.00cvss —epss 0.00
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an…
- CVE-2026-52716Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
- CVE-2026-52707Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
- CVE-2026-49108Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
- CVE-2026-40757Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
- CVE-2026-40756Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
- CVE-2026-40752Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
- CVE-2026-40738Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
- CVE-2026-40733Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
- CVE-2026-40720Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
- CVE-2026-39590Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
- CVE-2026-39576Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
- CVE-2026-39560Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
- CVE-2026-39559Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
- CVE-2026-39556Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
- CVE-2026-39523Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
- CVE-2026-39445Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
- CVE-2026-39442Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
- CVE-2025-69175Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
- CVE-2025-69174Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
- CVE-2025-69170Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.