ReportizFlow
Filtered by vendor
Subscriptions
Total
357505 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59382 | 1 Qnap Systems | 3 Qts, Quts Hero, Qutscloud | 2026-06-12 | N/A |
| QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: | ||||
| CVE-2026-11933 | 2026-06-12 | 8.8 High | ||
| A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash. | ||||
| CVE-2026-12008 | 1 Google | 1 Chrome | 2026-06-12 | 8.3 High |
| Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-49235 | 1 Nlnetlabs | 1 Routinator | 2026-06-12 | 7.5 High |
| When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. | ||||
| CVE-2026-49233 | 1 Nlnetlabs | 1 Routinator | 2026-06-12 | 7.5 High |
| Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache. | ||||
| CVE-2026-49234 | 1 Nlnetlabs | 1 Routinator | 2026-06-12 | 7.5 High |
| When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks. | ||||
| CVE-2026-9125 | 2026-06-12 | 6.4 Medium | ||
| The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays() function, which copies the link_url shortcode attribute directly into the overlay configuration without scheme validation, allowing javascript: URIs to survive and be rendered as the href of a clickable anchor element by the presto-dynamic-overlay-ui web component. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-12013 | 1 Google | 1 Chrome | 2026-06-12 | 8.8 High |
| Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12025 | 1 Google | 1 Chrome | 2026-06-12 | 5.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12034 | 1 Google | 1 Chrome | 2026-06-12 | 8.3 High |
| Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-53440 | 2 Jenkins, Jenkins Project | 2 Jenkins, Jenkins | 2026-06-12 | 4.3 Medium |
| Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain. | ||||
| CVE-2026-12033 | 1 Google | 1 Chrome | 2026-06-12 | 5.3 Medium |
| Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12015 | 1 Google | 1 Chrome | 2026-06-12 | 5.3 Medium |
| Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-45060 | 1 Macwarrior | 1 Clipbucket-v5 | 2026-06-12 | 9.8 Critical |
| ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #129. | ||||
| CVE-2026-53442 | 2 Jenkins, Jenkins Project | 2 Jenkins, Jenkins | 2026-06-12 | 5.3 Medium |
| Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2026-12011 | 1 Google | 1 Chrome | 2026-06-12 | 8.3 High |
| Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12012 | 1 Google | 1 Chrome | 2026-06-12 | 8.1 High |
| Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-12014 | 1 Google | 1 Chrome | 2026-06-12 | 8.3 High |
| Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-25700 | 1 Apache | 1 Answer | 2026-06-12 | 7.2 High |
| Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue. | ||||
| CVE-2026-12020 | 1 Google | 1 Chrome | 2026-06-12 | 8.8 High |
| Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||