Total: 35456 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33051 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-25005 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 6.5 MEDIUM |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||||
| CVE-2025-59248 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 7.5 HIGH |
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53782 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 8.4 HIGH |
| Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-59249 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 8.8 HIGH |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-64666 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-15 | N/A | 7.5 HIGH |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-47928 | 1 Adobe | 1 Coldfusion | 2026-06-15 | N/A | 9.6 CRITICAL |
| ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |||||
| CVE-2026-47930 | 1 Adobe | 1 Coldfusion | 2026-06-15 | N/A | 8.1 HIGH |
| ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-47931 | 1 Adobe | 1 Coldfusion | 2026-06-15 | N/A | 8.4 HIGH |
| ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | |||||
| CVE-2022-32511 | 2 Fedoraproject, Jmespath | 2 Fedora, Jmespath | 2026-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | |||||
| CVE-2026-47284 | 1 Microsoft | 1 Visual Studio Code | 2026-06-15 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2023-50780 | 1 Apache | 1 Artemis | 2026-06-15 | N/A | 8.8 HIGH |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | |||||
| CVE-2026-46205 | 1 Linux | 1 Linux Kernel | 2026-06-15 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of the function if cmd is non-zero in order to keep static checkers happy. | |||||
| CVE-2026-12016 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-13 | N/A | 8.3 HIGH |
| Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-12017 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-13 | N/A | 3.1 LOW |
| Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-66276 | 1 Qnap | 1 Qts | 2026-06-12 | N/A | 9.8 CRITICAL |
| QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later | |||||
| CVE-2026-20259 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-12 | N/A | 5.5 MEDIUM |
| In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control. | |||||
| CVE-2026-46669 | 1 Openvm | 1 Openvm | 2026-06-12 | N/A | 7.5 HIGH |
| OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0. | |||||
| CVE-2026-50623 | 1 Apache | 1 Cxf | 2026-06-12 | N/A | 6.5 MEDIUM |
| An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker. However note that this is a safeguard only in the case that someone forgot to enable authentication on the service. Users are recommended to upgrade to version 4.2.2 or 4.1.7, which fixes this issue. | |||||
| CVE-2026-50632 | 1 Apache | 1 Cxf | 2026-06-12 | N/A | 8.1 HIGH |
| A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue. | |||||
