Common Vulnerabilities and Exposures (CVE)

CVE-2026-46546

Jun 10, 2026 16:55:34 UTC

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced...

CVE-2026-42969

Jun 10, 2026 16:33:03 UTC

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2025-71319

Jun 10, 2026 16:32:56 UTC

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-typ...

CVE-2026-47932

Jun 10, 2026 16:32:51 UTC

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this ...

CVE-2026-48292

Jun 10, 2026 16:32:44 UTC

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...

CVE-2026-47902

Jun 10, 2026 16:32:39 UTC

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an applicat...

CVE-2026-45782

Jun 10, 2026 16:32:33 UTC

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the ...

CVE-2026-44505

Jun 10, 2026 16:32:27 UTC

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, wh...

CVE-2026-53674

Jun 10, 2026 16:32:21 UTC

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names co...

CVE-2026-46543

Jun 10, 2026 16:32:15 UTC

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block'...

CVE-2026-45329

Jun 10, 2026 16:32:10 UTC

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied p...

CVE-2026-9019

Jun 10, 2026 16:32:03 UTC

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, and including, 1.13.6 due to insufficient i...

CVE-2026-49495

Jun 10, 2026 16:31:56 UTC

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the exp...

CVE-2026-52752

Jun 10, 2026 16:31:51 UTC

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to wri...

CVE-2026-52757

Jun 10, 2026 16:31:45 UTC

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in...