Tue, Jun 09 · 04:16 PM CDTCVE-2026-10520
10.0/10 · Must read/watchNVDvuln
Summary
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVECVE-2026-10520
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 04:16 PM CDT
ModifiedFri, Jun 12 · 12:42 PM CDT
Tue, Jun 09 · 09:17 PM CDTCVE-2026-48303
10.0/10 · Must read/watchNVDvuln
Summary
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVECVE-2026-48303
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 09:17 PM CDT
ModifiedFri, Jun 12 · 03:02 PM CDT
Wed, Jun 10 · 06:17 PM CDTCVE-2026-50566
9.9/10 · Must read/watchNVDvuln
Summary
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission f
CVECVE-2026-50566
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 10 · 06:17 PM CDT
ModifiedFri, Jun 12 · 02:16 PM CDT
Wed, Sep 20 · 10:15 PM CDTCVE-2023-34575
9.8/10 · Must read/watchNVDvuln
Summary
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.
CVECVE-2023-34575
SeverityCRITICAL
TypeUPDATED
PublishedWed, Sep 20 · 10:15 PM CDT
ModifiedFri, Jun 12 · 02:27 PM CDT
Thu, Sep 21 · 08:15 PM CDTCVE-2023-34576
9.8/10 · Must read/watchNVDvuln
Summary
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.
CVECVE-2023-34576
SeverityCRITICAL
TypeUPDATED
PublishedThu, Sep 21 · 08:15 PM CDT
ModifiedFri, Jun 12 · 02:56 PM CDT
Tue, Oct 31 · 05:15 AM CDTCVE-2023-36263
9.8/10 · Must read/watchNVDvuln
Summary
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVECVE-2023-36263
SeverityCRITICAL
TypeUPDATED
PublishedTue, Oct 31 · 05:15 AM CDT
ModifiedFri, Jun 12 · 02:20 PM CDT
Wed, Jun 10 · 03:16 AM CDTCVE-2025-66276
9.8/10 · Must read/watchNVDvuln
Summary
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
CVECVE-2025-66276
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 10 · 03:16 AM CDT
ModifiedFri, Jun 12 · 08:25 PM CDT
Thu, Jun 11 · 04:16 AM CDTCVE-2026-35273
9.8/10 · Must read/watchNVDvuln
Summary
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise Peopl
CVECVE-2026-35273
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jun 11 · 04:16 AM CDT
ModifiedFri, Jun 12 · 07:15 PM CDT
Tue, Jun 09 · 08:16 AM CDTCVE-2026-44083
9.8/10 · Must read/watchNVDvuln
Summary
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later
CVECVE-2026-44083
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 08:16 AM CDT
ModifiedFri, Jun 12 · 03:47 PM CDT
Wed, Jun 10 · 05:16 AM CDTCVE-2026-26240
9.1/10 · Must read/watchNVDvuln
Summary
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
CVECVE-2026-26240
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 10 · 05:16 AM CDT
ModifiedFri, Jun 12 · 12:52 PM CDT
Wed, Jun 10 · 05:16 AM CDTCVE-2026-26241
9.1/10 · Must read/watchNVDvuln
Summary
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
CVECVE-2026-26241
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 10 · 05:16 AM CDT
ModifiedFri, Jun 12 · 12:51 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-45602
9.1/10 · Must read/watchNVDvuln
Summary
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVECVE-2026-45602
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedFri, Jun 12 · 05:56 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-45484
8.8/10 · Worth your timeNVDvuln
Summary
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVECVE-2026-45484
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedFri, Jun 12 · 03:57 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-45504
8.8/10 · Worth your timeNVDvuln
Summary
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVECVE-2026-45504
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedFri, Jun 12 · 07:39 PM CDT
Mon, Jun 08 · 04:16 PM CDTCVE-2026-46475
8.8/10 · Worth your timeNVDvuln
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
CVECVE-2026-46475
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 04:16 PM CDT
ModifiedFri, Jun 12 · 05:47 PM CDT
Tue, Jun 09 · 10:16 AM CDTCVE-2026-46746
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings a
CVECVE-2026-46746
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 10:16 AM CDT
ModifiedFri, Jun 12 · 06:08 PM CDT
Tue, Jun 09 · 10:16 AM CDTCVE-2026-46748
8.8/10 · Worth your timeNVDvuln
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a
CVECVE-2026-46748
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 10:16 AM CDT
ModifiedFri, Jun 12 · 03:33 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-47289
8.8/10 · Worth your timeNVDvuln
Summary
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVECVE-2026-47289
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedFri, Jun 12 · 05:39 PM CDT
Wed, Jun 10 · 11:16 PM CDTCVE-2026-47342
8.8/10 · Worth your timeNVDvuln
Summary
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.
CVECVE-2026-47342
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 11:16 PM CDT
ModifiedFri, Jun 12 · 07:31 PM CDT
Tue, Jun 09 · 05:17 PM CDTCVE-2026-47653
8.8/10 · Worth your timeNVDvuln
Summary
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVECVE-2026-47653
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:17 PM CDT
ModifiedFri, Jun 12 · 05:32 PM CDT
Wed, Jun 10 · 11:16 PM CDTCVE-2026-50223
8.8/10 · Worth your timeNVDvuln
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are reco
CVECVE-2026-50223
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 11:16 PM CDT
ModifiedFri, Jun 12 · 07:30 PM CDT
Wed, Jun 10 · 04:17 AM CDTCVE-2026-24724
8.1/10 · Worth your timeNVDvuln
Summary
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
CVECVE-2026-24724
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 04:17 AM CDT
ModifiedFri, Jun 12 · 01:47 PM CDT
Wed, Jun 10 · 04:17 AM CDTCVE-2026-26239
8.1/10 · Worth your timeNVDvuln
Summary
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later
CVECVE-2026-26239
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 04:17 AM CDT
ModifiedFri, Jun 12 · 12:53 PM CDT
Thu, Jun 11 · 07:16 AM CDTCVE-2026-41699
8.1/10 · Worth your timeNVDvuln
Summary
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be
CVECVE-2026-41699
SeverityHIGH
TypeUPDATED
PublishedThu, Jun 11 · 07:16 AM CDT
ModifiedFri, Jun 12 · 07:28 PM CDT
Thu, Jun 11 · 07:16 AM CDTCVE-2026-41700
8.1/10 · Worth your timeNVDvuln
Summary
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials. Affected versions: Spring f
CVECVE-2026-41700
SeverityHIGH
TypeUPDATED
PublishedThu, Jun 11 · 07:16 AM CDT
ModifiedFri, Jun 12 · 02:13 PM CDT