Common Vulnerabilities and Exposures (CVE)

CVE-2026-56422

Jun 22, 2026 11:43:02 UTC

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign keys (event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid...

CVE-2026-56367

Jun 22, 2026 11:33:08 UTC

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB f...

CVE-2026-11373

Jun 22, 2026 11:28:06 UTC

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injectio...

CVE-2026-12774

Jun 22, 2026 10:57:42 UTC

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Se...

CVE-2026-12781

Jun 22, 2026 10:57:03 UTC

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack nee...

CVE-2026-12789

Jun 22, 2026 10:56:23 UTC

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking...

CVE-2026-56229

Jun 22, 2026 10:54:01 UTC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id c...

CVE-2026-56265

Jun 22, 2026 10:43:47 UTC

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing auth...

CVE-2026-56382

Jun 22, 2026 10:30:06 UTC

Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to...

CVE-2026-56395

Jun 22, 2026 10:29:04 UTC

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsi...

CVE-2026-12804

Jun 22, 2026 10:28:14 UTC

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of t...

CVE-2026-12810

Jun 22, 2026 10:27:45 UTC

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in co...

CVE-2026-12863

Jun 22, 2026 10:27:10 UTC

Venueless' social login functionality contained an unvalidated redirect that could be exploited for phishing using trusted domains.

CVE-2026-12580

Jun 22, 2026 10:26:46 UTC

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

CVE-2026-12581

Jun 22, 2026 10:26:23 UTC

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privileges once the user logs in.