Common Vulnerabilities and Exposures (CVE)

CVE-2026-48042

Jun 26, 2026 17:29:14 UTC

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vu...

CVE-2026-47775

Jun 26, 2026 17:23:51 UTC

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HM...

CVE-2026-11779

Jun 26, 2026 17:15:31 UTC

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

CVE-2026-28385

Jun 26, 2026 17:13:58 UTC

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastruct...

CVE-2026-57880

Jun 26, 2026 17:11:55 UTC

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields...

CVE-2025-63041

Jun 26, 2026 17:10:40 UTC

Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

CVE-2025-68052

Jun 26, 2026 17:10:17 UTC

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

CVE-2026-52701

Jun 26, 2026 17:09:36 UTC

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

CVE-2026-54831

Jun 26, 2026 17:08:29 UTC

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

CVE-2026-54839

Jun 26, 2026 17:06:57 UTC

Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.

CVE-2026-56011

Jun 26, 2026 17:04:26 UTC

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

CVE-2026-56030

Jun 26, 2026 17:01:36 UTC

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

CVE-2026-56036

Jun 26, 2026 16:58:28 UTC

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

CVE-2026-56044

Jun 26, 2026 16:57:19 UTC

Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.

CVE-2026-56063

Jun 26, 2026 16:55:45 UTC

Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.