Total
2284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27892 | 2026-06-05 | N/A | 9.6 CRITICAL | ||
| Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | |||||
| CVE-2024-27890 | 2026-06-05 | N/A | 9.6 CRITICAL | ||
| Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | |||||
| CVE-2026-4312 | 1 Dragonsoft | 1 Gcb\/fcb Government Financial Cybersecurity Configuration Audit Software | 2026-06-05 | N/A | 9.8 CRITICAL |
| GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account. | |||||
| CVE-2025-8025 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2026-06-05 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02. | |||||
| CVE-2025-8350 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-36603 | 2026-06-05 | N/A | 8.1 HIGH | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary port forwarding rules and access WAN traffic statistics. | |||||
| CVE-2026-1341 | 2026-06-04 | N/A | N/A | ||
| Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control. | |||||
| CVE-2026-25550 | 2026-06-04 | N/A | 9.8 CRITICAL | ||
| Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling to read or write arbitrary files on the server using the .NET WebClient class, or coerce NTLMv2 authentication by supplying a UNC path to an attacker-controlled server, enabling sensitive credential disclosure, remote code execution, or lateral movement depending on service account privileges and network environment. The service runs in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2019-25738 | 2026-06-04 | N/A | 9.8 CRITICAL | ||
| WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to hc_ajax_save_option to enable user registration and set the default role to administrator, enabling account takeover. | |||||
| CVE-2026-10617 | 2026-06-04 | 7.5 HIGH | 7.3 HIGH | ||
| A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug. | |||||
| CVE-2026-46840 | 1 Oracle | 1 Rest Data Services | 2026-06-04 | N/A | 10.0 CRITICAL |
| Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2026-46817 | 1 Oracle | 1 E-business Suite | 2026-06-04 | N/A | 9.8 CRITICAL |
| Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2025-62582 | 1 Deltaww | 1 Diaview | 2026-06-04 | N/A | 9.8 CRITICAL |
| Delta Electronics DIAView has multiple vulnerabilities. | |||||
| CVE-2025-14349 | 1 Uni-yaz | 1 Flexcity | 2026-06-04 | N/A | 8.8 HIGH |
| Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | |||||
| CVE-2026-44211 | 1 Cline | 1 Cline | 2026-06-03 | N/A | 9.6 CRITICAL |
| Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches. | |||||
| CVE-2018-25412 | 1 Deltasql Project | 1 Deltasql | 2026-06-03 | N/A | 9.8 CRITICAL |
| Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution. | |||||
| CVE-2026-8697 | 1 Tp-link | 2 Archer C64, Archer C64 Firmware | 2026-06-03 | N/A | 8.8 HIGH |
| Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability. | |||||
| CVE-2026-46826 | 1 Oracle | 1 E-business Suite | 2026-06-03 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Payroll. Successful attacks of this vulnerability can result in takeover of Oracle Payroll. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2026-46827 | 1 Oracle | 1 E-business Suite | 2026-06-03 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful attacks of this vulnerability can result in takeover of Oracle Payroll. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||