Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
Select from 78 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-9508 |
10 (4.0)
|
Incorrect Permission Assignment for Critical Resource … |
Suprema |
BioStar 2 (server) |
2026-05-29T12:09:02.026Z | 2026-05-29T13:33:31.937Z |
| CVE-2026-9152 |
10 (4.0)
|
Unauthenticated SOAP Endpoint in Altium 365 SearchServ… |
Altium |
Altium 365 |
2026-05-21T00:47:24.365Z | 2026-05-21T12:41:39.633Z |
| CVE-2026-8326 |
10 (4.0)
|
Remote Spark SparkView Path Traversal in RDP Drive Red… |
Remote Spark (https://www.remotespark.com/) |
SparkView |
2026-05-29T11:47:02.652Z | 2026-05-29T13:34:00.474Z |
| CVE-2026-8054 |
10 (4.0)
|
Unauthenticated SQL Injection in dotCMS Publish Audit API |
dotCMS |
dotCMS Core |
2026-05-27T07:55:25.905Z | 2026-05-27T13:40:13.159Z |
| CVE-2026-7411 |
10 (3.1)
|
In Eclipse BaSyx Java Server SDK versions prior t… |
Eclipse Foundation |
Eclipse BaSyx |
2026-05-05T14:07:53.476Z | 2026-05-06T15:25:50.007Z |
| CVE-2026-7312 |
10 (3.1)
|
CWE‑522: Insufficiently Protected Credentials in web s… |
Progress Software |
Sitefinity |
2026-06-02T13:09:06.250Z | 2026-06-03T12:55:14.770Z |
| CVE-2026-6213 |
10 (4.0)
|
Remote Spark SparkView RCE |
Remote Spark (https://www.remotespark.com/) |
SparkView |
2026-05-08T09:04:24.188Z | 2026-05-11T07:48:23.801Z |
| CVE-2026-61447 |
10 (4.0)
10 (3.1)
|
PraisonAI before 1.6.78 Remote Code Execution via CodeAgent |
MervinPraison |
PraisonAI |
2026-07-11T13:01:05.162Z | 2026-07-11T13:01:05.162Z |
| CVE-2026-59726 |
10 (3.1)
|
Ruflo: Unauthenticated RCE in MCP bridge default docke… |
ruvnet |
ruflo |
2026-07-09T17:31:20.627Z | 2026-07-09T18:43:24.749Z |
| CVE-2026-57827 |
10 (4.0)
|
Joomla Extension - rsjoomla.com - Unauthenticated file… |
rsjoomla.com |
rsjoomla.com RSFiles extension for Joomla |
2026-07-11T09:29:03.863Z | 2026-07-11T09:29:03.863Z |
| CVE-2026-57700 |
10 (3.1)
|
WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Up… |
Daan.dev |
OMGF Pro |
2026-06-25T17:29:31.795Z | 2026-06-29T17:43:48.914Z |
| CVE-2026-57624 |
10 (3.1)
|
WordPress Blocksy Companion Pro plugin <= 2.1.46 - Rem… |
Creative Themes |
Blocksy Companion Pro |
2026-07-02T11:15:26.664Z | 2026-07-02T19:39:14.229Z |
| CVE-2026-57572 |
10 (3.1)
|
Crawl4AI: Unauthenticated RCE via Chromium launch-argu… |
unclecode |
crawl4ai |
2026-07-06T20:16:21.597Z | 2026-07-08T19:42:13.954Z |
| CVE-2026-56415 |
10 (4.0)
10 (3.1)
|
OS Command Injection in StoneFly Storage Concentrator |
Stonefly |
Storage Concentrator |
2026-06-30T22:40:55.582Z | 2026-07-01T12:42:03.699Z |
| CVE-2026-56413 |
10 (4.0)
10 (3.1)
|
OS Command Injection in StoneFly Storage Concentrator |
StoneFly |
Storage Concentrator |
2026-06-30T22:50:58.131Z | 2026-07-01T12:41:07.971Z |
| CVE-2026-56291 |
10 (4.0)
|
Joomla Extension - balbooa.com - Unauthenticated file … |
balbooa.com |
balbooa.com Balbooa Forms extension for Joomla |
2026-07-09T09:53:57.886Z | 2026-07-11T05:28:12.683Z |
| CVE-2026-56290 |
10 (4.0)
|
Joomla Extension - joomlack.fr - Unauthenticated file … |
joomlack.fr |
JoomlaCK.fr Page Builder CK extension for Joomla |
2026-06-29T14:31:37.952Z | 2026-07-08T09:53:18.704Z |
| CVE-2026-56004 |
10 (3.1)
|
obs-service-tar_scm: command injection via mercurial handler |
openSUSE |
buildservice |
2026-07-02T14:54:02.119Z | 2026-07-02T16:11:28.338Z |
| CVE-2026-54782 |
10 (3.1)
|
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2… |
CoreWCF |
CoreWCF |
2026-07-08T22:20:37.401Z | 2026-07-10T03:55:37.656Z |
| CVE-2026-54769 |
10 (3.1)
|
Langroid: Sandbox Escape to Remote Code Execution via … |
langroid |
langroid |
2026-07-09T23:51:10.855Z | 2026-07-10T14:12:23.422Z |
| CVE-2026-54350 |
10 (3.1)
|
Budibase: Anonymous NoSQL operator injection via publi… |
Budibase |
budibase |
2026-06-26T20:44:00.337Z | 2026-06-30T19:31:58.021Z |
| CVE-2026-53576 |
10 (3.1)
|
Kestra: Unauthenticated RCE via /configs path-suffix a… |
kestra-io |
kestra |
2026-06-26T20:54:08.282Z | 2026-06-29T15:19:50.974Z |
| CVE-2026-52813 |
10 (3.1)
|
Gogs: Path Traversal in organization name results in R… |
gogs |
gogs |
2026-06-24T20:33:42.162Z | 2026-06-26T03:55:38.322Z |
| CVE-2026-52704 |
10 (3.1)
|
WordPress WooCommerce PDF Invoice Builder plugin <= 2.… |
Edgar Rojas |
WooCommerce PDF Invoice Builder |
2026-06-15T12:49:49.160Z | 2026-06-15T15:54:11.621Z |
| CVE-2026-50746 |
10 (3.1)
|
A malicious actor with access to the network coul… |
Ubiquiti Inc |
UniFi Connect Application |
2026-07-02T14:49:16.907Z | 2026-07-02T15:52:15.315Z |
| CVE-2026-50242 |
10 (3.1)
|
In JetBrains Hub before 2026.1.13757, 2025.3.1480… |
JetBrains |
Hub |
2026-06-19T11:49:42.383Z | 2026-06-24T03:56:16.426Z |
| CVE-2026-50160 |
10 (3.1)
|
Mass Assignment via Onboarding Endpoint Allows Unauthe… |
hoppscotch |
hoppscotch |
2026-07-01T17:48:49.381Z | 2026-07-02T03:57:34.538Z |
| CVE-2026-50086 |
10 (3.1)
|
Aqara unauthenticated AES oracle |
Aqara |
Aqara IAM/SSO Gateway |
2026-06-12T15:01:26.055Z | 2026-06-12T15:48:59.149Z |
| CVE-2026-49869 |
10 (3.1)
|
Kestra: Unauthenticated Remote Code Execution via Auth… |
kestra-io |
kestra |
2026-06-26T20:58:19.576Z | 2026-06-29T13:20:38.655Z |
| CVE-2026-49777 |
10 (3.1)
|
WordPress Product Slider Pro for WooCommerce plugin < … |
ShapedPlugin, LLC |
Product Slider Pro for WooCommerce |
2026-06-05T08:59:53.320Z | 2026-06-08T16:18:18.074Z |