Common Vulnerabilities and Exposures (CVE)

CVE-2026-58518

Jul 1, 2026 12:31:23 UTC

Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

CVE-2026-58519

Jul 1, 2026 12:29:57 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9...

CVE-2026-12579

Jul 1, 2026 12:29:19 UTC

AS228T with Authentication Bypass Vulnerability

CVE-2026-10539

Jul 1, 2026 12:29:09 UTC

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, poten...

CVE-2026-14193

Jul 1, 2026 12:28:00 UTC

DVP80ES300T with Improper Validation of Array Index Vulnerability

CVE-2026-50043

Jul 1, 2026 12:24:26 UTC

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in ...

CVE-2026-10538

Jul 1, 2026 12:24:04 UTC

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially...

CVE-2026-12575

Jul 1, 2026 12:22:28 UTC

DVP80ES3 with Improper Resource Shutdown or Release vulnerability.

CVE-2026-10095

Jul 1, 2026 12:22:01 UTC

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it...

CVE-2026-12576

Jul 1, 2026 12:21:28 UTC

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

CVE-2026-14258

Jul 1, 2026 12:20:42 UTC

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be ...

CVE-2026-12142

Jul 1, 2026 12:19:42 UTC

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via '_name[]' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and outpu...

CVE-2026-13323

Jul 1, 2026 12:19:20 UTC

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacke...

CVE-2026-14198

Jul 1, 2026 12:10:29 UTC

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree o...

CVE-2026-52956

Jul 1, 2026 12:08:01 UTC

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() In __ceph_x_decrypt(), a part of the buffer p is interpreted as a ceph_x_encrypt_header, and the magic f...