| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-53755 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ### Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and… | ||
| CVE-2026-53754 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ### Summary The Docker API server's SSRF protection (`validate_webhook_url` / `validate_url_destination` in `deploy/docker/utils.py`) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata… | ||
| CVE-2026-50023 | hig | 0.39 | — | 0.01 | Jun 16, 2026 | ### Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user's filesystem, bypassing the remediation for `CVE-2024-38519`. ### Details The fix for `CVE-2024-38519` enforced… | ||
| CVE-2026-49113 | 0.00 | — | 0.00 | Jun 16, 2026 | Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | |||
| CVE-2026-49080 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | |||
| CVE-2026-49057 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions. | |||
| CVE-2026-48869 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions. | |||
| CVE-2026-40761 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | |||
| CVE-2026-40760 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | |||
| CVE-2026-40759 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | |||
| CVE-2026-40758 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | |||
| CVE-2026-40755 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | |||
| CVE-2026-40754 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Roisin <= 1.4 versions. | |||
| CVE-2026-40751 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | |||
| CVE-2026-40739 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions. | |||
| CVE-2026-40736 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions. | |||
| CVE-2026-39580 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. | |||
| CVE-2026-39578 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. | |||
| CVE-2026-39577 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions. | |||
| CVE-2026-39568 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. | |||
| CVE-2026-39567 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions. | |||
| CVE-2026-39557 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions. | |||
| CVE-2026-39554 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions. | |||
| CVE-2026-39549 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions. | |||
| CVE-2026-39548 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions. | |||
| CVE-2026-39547 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Getaway < 1.8 versions. | |||
| CVE-2026-39539 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. | |||
| CVE-2026-39529 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | |||
| CVE-2026-39522 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Solene <= 3.4 versions. | |||
| CVE-2026-39446 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions. | |||
| CVE-2026-39443 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions. | |||
| CVE-2026-39438 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | |||
| CVE-2026-39433 | 0.00 | — | 0.00 | Jun 16, 2026 | Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | |||
| CVE-2026-34895 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions. | |||
| CVE-2026-34894 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | |||
| CVE-2026-34893 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | |||
| CVE-2026-27429 | 0.00 | — | 0.01 | Jun 16, 2026 | Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | |||
| CVE-2026-27395 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | |||
| CVE-2026-12256 | 0.00 | — | 0.00 | Jun 16, 2026 | Contributor PHP Object Injection in Avada <= 3.15.3 versions. | |||
| CVE-2025-69178 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions. | |||
| CVE-2025-69177 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions. | |||
| CVE-2025-69176 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in ITactics <= 1.0 versions. | |||
| CVE-2025-69168 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Spike <= 1.2 versions. | |||
| CVE-2025-69167 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Eros <= 1.3 versions. | |||
| CVE-2025-69165 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Choreo <= 1.6 versions. | |||
| CVE-2025-69163 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in WineShop <= 3.17 versions. | |||
| CVE-2025-69162 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Grecko <= 5.17 versions. | |||
| CVE-2025-69160 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Gita <= 1.11 versions. | |||
| CVE-2025-69159 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Local File Inclusion in Printo <= 1.11 versions. | |||
| CVE-2025-69151 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions. |
- risk 0.38cvss —epss 0.00
### Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and…
- risk 0.38cvss —epss 0.00
### Summary The Docker API server's SSRF protection (`validate_webhook_url` / `validate_url_destination` in `deploy/docker/utils.py`) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata…
- risk 0.39cvss —epss 0.01
### Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user's filesystem, bypassing the remediation for `CVE-2024-38519`. ### Details The fix for `CVE-2024-38519` enforced…
- CVE-2026-49113Jun 16, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
- CVE-2026-49080Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
- CVE-2026-49057Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
- CVE-2026-48869Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
- CVE-2026-40761Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
- CVE-2026-40760Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
- CVE-2026-40759Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
- CVE-2026-40758Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
- CVE-2026-40755Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
- CVE-2026-40754Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
- CVE-2026-40751Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
- CVE-2026-40739Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
- CVE-2026-40736Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
- CVE-2026-39580Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
- CVE-2026-39578Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
- CVE-2026-39577Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
- CVE-2026-39568Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
- CVE-2026-39567Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
- CVE-2026-39557Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
- CVE-2026-39554Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
- CVE-2026-39549Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
- CVE-2026-39548Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
- CVE-2026-39547Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
- CVE-2026-39539Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
- CVE-2026-39529Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
- CVE-2026-39522Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
- CVE-2026-39446Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
- CVE-2026-39443Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
- CVE-2026-39438Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
- CVE-2026-39433Jun 16, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
- CVE-2026-34895Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
- CVE-2026-34894Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
- CVE-2026-34893Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
- CVE-2026-27429Jun 16, 2026risk 0.00cvss —epss 0.01
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
- CVE-2026-27395Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
- CVE-2026-12256Jun 16, 2026risk 0.00cvss —epss 0.00
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
- CVE-2025-69178Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
- CVE-2025-69177Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
- CVE-2025-69176Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
- CVE-2025-69168Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
- CVE-2025-69167Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
- CVE-2025-69165Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
- CVE-2025-69163Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
- CVE-2025-69162Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
- CVE-2025-69160Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
- CVE-2025-69159Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
- CVE-2025-69151Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.