CVE-2026-50031 (v3: 7.5) 3 Jun 2026

ipmi-oem in FreeIPMI before 1.16.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specif... Read more ➔

CVE-2026-10705 (v3: 3.1) 3 Jun 2026

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the compon... Read more ➔

CVE-2026-10704 (v3: 7.3) 3 Jun 2026

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/... Read more ➔

CVE-2026-10703 (v3: 6.3) 3 Jun 2026

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the fi... Read more ➔

CVE-2026-9516 3 Jun 2026

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a l... Read more ➔

CVE-2026-9334 3 Jun 2026

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collap... Read more ➔

CVE-2026-10694 (v3: 7.3) 3 Jun 2026

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php.... Read more ➔

CVE-2026-10693 (v3: 6.3) 3 Jun 2026

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown function... Read more ➔

CVE-2026-9732 (v3: 4.3) 3 Jun 2026

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a... Read more ➔

CVE-2026-7421 (v3: 4.4) 3 Jun 2026

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the... Read more ➔

CVE-2026-10692 (v3: 4.3) 3 Jun 2026

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_cod... Read more ➔

CVE-2026-10691 (v3: 4.3) 3 Jun 2026

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.... Read more ➔

CVE-2026-10690 (v3: 6.3) 3 Jun 2026

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.... Read more ➔

CVE-2026-44654 2 Jun 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete fi... Read more ➔

CVE-2026-44653 (v3: 6.5) 2 Jun 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an... Read more ➔

CVE-2026-42507 2 Jun 2026

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject mis... Read more ➔

CVE-2026-42504 2 Jun 2026

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. Read more ➔

CVE-2026-41412 (v3: 4.9) 2 Jun 2026

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io exte... Read more ➔

CVE-2026-40108 2 Jun 2026

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. Thi... Read more ➔

CVE-2026-35482 (v3: 8) 2 Jun 2026

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escap... Read more ➔

CVE-2026-32625 (v3: 9.6) 2 Jun 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) se... Read more ➔

CVE-2026-31942 (v3: 7.1) 2 Jun 2026

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference... Read more ➔

CVE-2026-27145 2 Jun 2026

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings... Read more ➔

CVE-2026-25861 (v3: 5.9) 2 Jun 2026

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credent... Read more ➔

CVE-2026-10719 2 Jun 2026

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra... Read more ➔

Key Capabilities

Latest privacy news tracking

Latest Threat Intelligence

Breach modelling and ROI calculator

Threat Intelligence