Total: 6368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-39311 | | | 2026-06-17 | N/A | 6.8 MEDIUM | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a publicly reachable backend execution API results in an unauthenticated Remote Code Execution (RCE). The vulnerability arises from an insecure-by-design architecture: Trilium serves SVG attachments with the image/svg+xml MIME type without any sanitization, and it explicitly disables Helmet's Content Security Policy middleware, removing the primary defense against script execution in served assets. Because the malicious SVG runs under the Same-Origin Policy, it can issue a fetch('/') to extract the csrfToken from the document body. With that token, it can send a signed request to /api/script/exec to execute arbitrary Node.js code on the server. An attacker can compromise the entire server instance simply by tricking an authenticated user into viewing a shared SVG attachment. The issue has been fixed in version 0.102.2. |
| CVE-2026-39087 | | | 2026-06-17 | N/A | 9.8 CRITICAL | ntfy before 2.22.0 allows SSRF because of an unanchored regular expression. |
| CVE-2026-39052 | | | 2026-06-17 | N/A | 6.5 MEDIUM | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions. |
| CVE-2026-38992 | | | 2026-06-17 | N/A | 9.8 CRITICAL | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator. |
| CVE-2026-38431 | 1 Frappe | 1 Erpnext | 2026-06-17 | N/A | 9.8 CRITICAL | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered. |
| CVE-2026-37713 | | | 2026-06-17 | N/A | 7.3 HIGH | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php. |
| CVE-2026-37712 | | | 2026-06-17 | N/A | 7.3 HIGH | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in function job type |
| CVE-2026-37711 | | | 2026-06-17 | N/A | 7.3 HIGH | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php |
| CVE-2026-37630 | | | 2026-06-17 | N/A | 7.3 HIGH | An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function |
| CVE-2026-36458 | | | 2026-06-17 | N/A | 9.8 CRITICAL | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. |
| CVE-2026-36365 | | | 2026-06-17 | N/A | 7.8 HIGH | An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp |
| CVE-2026-36340 | | | 2026-06-17 | N/A | 8.1 HIGH | An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function |
| CVE-2026-35255 | 1 Oracle | 1 Cloud Native Environment Command Line Interface | 2026-06-17 | N/A | 6.6 MEDIUM | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code. |
| CVE-2026-35197 | 1 Mattiebee | 1 Dye | 2026-06-17 | N/A | 6.6 MEDIUM | dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1. |
| CVE-2026-35194 | 1 Apache | 1 Flink | 2026-06-17 | N/A | 8.1 HIGH | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions (1.15.0+) and LIKE expressions with ESCAPE clauses (1.17.0+). User-controlled strings are interpolated into generated Java code without proper escaping, allowing attackers to break out of string literals and inject arbitrary expressions. Users are recommended to upgrade to either version 1.20.4, 2.0.2, 2.1.2 or 2.2.1, which fixes this issue. |
| CVE-2026-35178 | 1 Forceworkbench | 1 Forceworkbench | 2026-06-17 | N/A | 9.8 CRITICAL | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an unsafe manner. This vulnerability is fixed in 65.0.0. |
| CVE-2026-35171 | 1 Linuxfoundation | 1 Kedro | 2026-06-17 | N/A | 9.8 CRITICAL | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input. This vulnerability is fixed in 1.3.0. |
| CVE-2026-35093 | 2 Fedoraproject, Freedesktop | 2 Fedora, Libinput | 2026-06-17 | N/A | 8.8 HIGH | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. |
| CVE-2026-35086 | 1 Apache | 1 Ofbiz | 2026-06-17 | N/A | 6.5 MEDIUM | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. |
| CVE-2026-35056 | 1 Xenforo | 1 Xenforo | 2026-06-17 | N/A | 7.2 HIGH | XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server. |
