Total: 359651 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4779 | 1 Ahsanriaz26gmailcom | 1 Sales And Inventory System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-4778 | 1 Ahsanriaz26gmailcom | 1 Sales And Inventory System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4777 | 1 Ahsanriaz26gmailcom | 1 Sales And Inventory System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4776 | | | 2026-06-17 | N/A | 7.1 HIGH |
| An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands. | |||||
| CVE-2026-4775 | 3 Debian, Libtiff, Redhat | 4 Debian Linux, Libtiff, Enterprise Linux and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. | |||||
| CVE-2026-4766 | | | 2026-06-17 | N/A | 6.4 MEDIUM |
| The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2026-4764 | | | 2026-06-17 | N/A | N/A |
| A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed. | |||||
| CVE-2026-4761 | 1 Codra | 4 Panorama Collaborative Operation & Execution, Panorama Com, Panorama E2 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed. Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable. Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt. | |||||
| CVE-2026-4760 | | | 2026-06-17 | N/A | N/A |
| From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed. Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed. Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed. Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed. Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt. | |||||
| CVE-2026-4758 | | | 2026-06-17 | N/A | 8.8 HIGH |
| The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2026-4756 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-06-17 | N/A | 7.8 HIGH |
| Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | |||||
| CVE-2026-4755 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-06-17 | N/A | 9.8 CRITICAL |
| CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | |||||
| CVE-2026-4754 | 1 Molotovcherry | 1 Android-imagemagick7 | 2026-06-17 | N/A | 6.1 MEDIUM |
| CWE-79 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. | |||||
| CVE-2026-4753 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. | |||||
| CVE-2026-4752 | | | 2026-06-17 | N/A | 6.4 MEDIUM |
| Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329. | |||||
| CVE-2026-4751 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0. | |||||
| CVE-2026-4750 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. | |||||
| CVE-2026-4749 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0. | |||||
| CVE-2026-4748 | 1 Freebsd | 1 Freebsd | 2026-06-17 | N/A | 7.5 HIGH |
| A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking. | |||||
| CVE-2026-4747 | 1 Freebsd | 1 Freebsd | 2026-06-17 | N/A | 8.8 HIGH |
| Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system. | |||||
