Total: 362780 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-54189 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||||
| CVE-2026-54188 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||||
| CVE-2026-54185 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | |||||
| CVE-2026-52716 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | |||||
| CVE-2026-52706 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | |||||
| CVE-2026-52705 | | | 2026-06-17 | N/A | 9.0 CRITICAL |
| Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | |||||
| CVE-2026-49778 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | |||||
| CVE-2026-49107 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | |||||
| CVE-2026-49084 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | |||||
| CVE-2026-49076 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | |||||
| CVE-2026-49074 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. | |||||
| CVE-2026-49072 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions. | |||||
| CVE-2026-48967 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | |||||
| CVE-2026-48117 | | | 2026-06-17 | N/A | 6.8 MEDIUM |
| DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed account activation. When the legitimate owner later activated the account, either by clicking the email verification link or by logging in via Google SSO, the attacker-set password became fully valid, enabling silent and persistent account takeover without any notification to the victim. The vulnerability was fixed server-side on 2025-05-20; no user action is required. Node binaries and self-hosted detection nodes are not affected. There are no workarounds; the fix was deployed server-side and no client-side mitigation is applicable. | |||||
| CVE-2026-47340 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | N/A | 6.5 MEDIUM |
| Authenticated users can access alert instances associated with alert groups they do not have permission to access in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. | |||||
| CVE-2026-46872 | 1 Oracle | 1 Enterprise Manager Base Platform | 2026-06-17 | N/A | 9.0 CRITICAL |
| Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H). | |||||
| CVE-2026-46932 | 1 Oracle | 1 Enterprise Asset Management | 2026-06-17 | N/A | 7.1 HIGH |
| Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L). | |||||
| CVE-2026-45436 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions. | |||||
| CVE-2026-45389 | | | 2026-06-17 | N/A | 7.4 HIGH |
| In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage). | |||||
| CVE-2026-42629 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | |||||
