Common Vulnerabilities and Exposures (CVE)

CVE-2026-11779

Jun 26, 2026 17:15:31 UTC

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

CVE-2026-28385

Jun 26, 2026 17:13:58 UTC

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastruct...

CVE-2026-57880

Jun 26, 2026 17:11:55 UTC

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields...

CVE-2025-63041

Jun 26, 2026 17:10:40 UTC

Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

CVE-2025-68052

Jun 26, 2026 17:10:17 UTC

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

CVE-2026-52701

Jun 26, 2026 17:09:36 UTC

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

CVE-2026-54831

Jun 26, 2026 17:08:29 UTC

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

CVE-2026-54839

Jun 26, 2026 17:06:57 UTC

Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.

CVE-2026-56011

Jun 26, 2026 17:04:26 UTC

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

CVE-2026-56030

Jun 26, 2026 17:01:36 UTC

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

CVE-2026-56036

Jun 26, 2026 16:58:28 UTC

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

CVE-2026-56044

Jun 26, 2026 16:57:19 UTC

Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.

CVE-2026-56063

Jun 26, 2026 16:55:45 UTC

Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.

CVE-2026-33646

Jun 26, 2026 16:51:44 UTC

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command executi...

CVE-2026-55677

Jun 26, 2026 16:50:57 UTC

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler unescapes ...