Common Vulnerabilities and Exposures (CVE)

CVE-2026-12192

Jun 15, 2026 19:25:27 UTC

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes a buffer overflow. The attack is only possible within the local network. The exploit has been publicly d...

CVE-2026-12201

Jun 15, 2026 19:25:21 UTC

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit ...

CVE-2026-12208

Jun 15, 2026 19:25:11 UTC

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled mod...

CVE-2026-12213

Jun 15, 2026 19:25:01 UTC

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation res...

CVE-2026-12220

Jun 15, 2026 19:24:51 UTC

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argu...

CVE-2016-20069

Jun 15, 2026 19:24:44 UTC

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject S...

CVE-2016-20075

Jun 15, 2026 19:24:34 UTC

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields func...

CVE-2016-20080

Jun 15, 2026 19:24:28 UTC

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supp...

CVE-2018-25437

Jun 15, 2026 19:24:18 UTC

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access th...

CVE-2026-48969

Jun 15, 2026 19:24:11 UTC

Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.

CVE-2025-15659

Jun 15, 2026 19:24:01 UTC

Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.

CVE-2026-49294

Jun 15, 2026 19:23:54 UTC

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting (XSS) due to improper neutralization of input in the JSONP callb...

CVE-2026-49875

Jun 15, 2026 19:21:20 UTC

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade...

CVE-2026-49954

Jun 15, 2026 19:21:02 UTC

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal ...

CVE-2026-7161

Jun 15, 2026 19:19:08 UTC

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credentials leak. An attacker can listen to broadcast messages to...