Common Vulnerabilities and Exposures (CVE)

CVE-2026-57649

Jun 26, 2026 20:15:46 UTC

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

CVE-2026-57655

Jun 26, 2026 20:15:32 UTC

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

CVE-2026-57661

Jun 26, 2026 20:15:19 UTC

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

CVE-2026-48800

Jun 26, 2026 20:12:43 UTC

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUserCmds() function and ...

CVE-2026-52884

Jun 26, 2026 20:11:40 UTC

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths starting with trusted...

CVE-2026-49991

Jun 26, 2026 20:01:29 UTC

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write ar...

CVE-2026-55189

Jun 26, 2026 19:59:13 UTC

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM auth...

CVE-2026-32833

Jun 26, 2026 19:54:02 UTC

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST...

CVE-2026-44733

Jun 26, 2026 19:47:13 UTC

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a business logic error in OpenProject, reachable through a PATCH request to /api/v3/users/me, permits bypassing password requirements. A password validation flaw...

CVE-2026-52784

Jun 26, 2026 19:44:25 UTC

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixed in 17.3.3 and 17.4.1.

CVE-2026-47193

Jun 26, 2026 19:42:38 UTC

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in ...

CVE-2026-47645

Jun 26, 2026 19:42:36 UTC

URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-48582

Jun 26, 2026 19:42:35 UTC

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-48579

Jun 26, 2026 19:42:35 UTC

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVE-2026-48567

Jun 26, 2026 19:42:34 UTC

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.