895 items
Unread (4631) All Dismissed
CRITICAL
CVE-2026-48899 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48899 23d ago
CRITICAL
CVE-2026-48898 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48898 23d ago
CRITICAL
CVE-2026-48691 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute...
NVD CVE-2026-48691 23d ago
CRITICAL
CVE-2026-40383 (CVSS 9.8) — An improper validation of user-supplied input leads to a local file inclusion vulnerability.
NVD CVE-2026-40383 23d ago
CRITICAL
CVE-2026-35223 (CVSS 9.8) — An improper access check allows unauthorized access to com_config webservice endpoints.
NVD CVE-2026-35223 23d ago
CRITICAL
CVE-2026-35222 (CVSS 9.8) — Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
NVD CVE-2026-35222 23d ago
CRITICAL
CVE-2026-35221 (CVSS 9.8) — Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_fi...
NVD CVE-2026-35221 23d ago
CRITICAL
CVE-2026-48687 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Jun...
NVD CVE-2026-48687 23d ago
CRITICAL
CVE-2026-48686 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (N...
NVD CVE-2026-48686 23d ago
CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247actively-exploited +2 16d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 23d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 15d ago
CRITICAL
CVE-2026-9543 (CVSS 9.8) — A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setP...
NVD CVE-2026-9543 23d ago
CRITICAL
CVE-2026-7374 (CVSS 9.9) — A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated Op...
NVD CVE-2026-7374 23d ago
CRITICAL
CVE-2026-42496 (CVSS 9.1) — Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside...
NVD CVE-2026-42496 24d ago
CRITICAL
CVE-2026-8376 (CVSS 9.8) — Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a ...
NVD CVE-2026-8376 24d ago
CRITICAL
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (LiteSpeed cPanel Plugin)
CISA KEV CVE-2026-48172actively-exploited +2 24d ago
CRITICAL
CVE-2026-48172 (CVSS 9.8) — LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp...
NVD 29d ago
INFO
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
The Hacker News 27d ago
CRITICAL
CVE-2026-9478 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function set...
NVD CVE-2026-9478 24d ago
CRITICAL
CVE-2026-9477 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the ...
NVD CVE-2026-9477 24d ago
CRITICAL
CVE-2026-9476 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects t...
NVD CVE-2026-9476 24d ago
CRITICAL
CVE-2026-9475 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function se...
NVD CVE-2026-9475 24d ago
CRITICAL
CVE-2026-9458 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the ...
NVD CVE-2026-9458 24d ago
CRITICAL
CVE-2026-9457 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the ...
NVD CVE-2026-9457 24d ago
CRITICAL
CVE-2026-9456 (CVSS 9.8) — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenV...
NVD CVE-2026-9456 24d ago
CRITICAL
CVE-2026-9455 (CVSS 9.8) — A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9455 24d ago
CRITICAL
CVE-2026-9454 (CVSS 9.8) — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the functi...
NVD CVE-2026-9454 24d ago
CRITICAL
CVE-2026-9436 (CVSS 9.8) — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function ...
NVD CVE-2026-9436 25d ago
CRITICAL
CVE-2026-9435 (CVSS 9.8) — A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the fu...
NVD CVE-2026-9435 25d ago
CRITICAL
CVE-2026-9434 (CVSS 9.8) — A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the ...
NVD CVE-2026-9434 25d ago
CRITICAL
CVE-2026-9433 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9433 25d ago
CRITICAL
CVE-2026-9432 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affe...
NVD CVE-2026-9432 25d ago
CRITICAL
CVE-2026-9408 (CVSS 9.8) — A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the ...
NVD CVE-2026-9408 25d ago
CRITICAL
CVE-2026-9407 (CVSS 9.8) — A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this...
NVD CVE-2026-9407 25d ago
CRITICAL
CVE-2026-9406 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function set...
NVD CVE-2026-9406 25d ago
CRITICAL
CVE-2026-9405 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the functi...
NVD CVE-2026-9405 25d ago
CRITICAL
CVE-2026-9404 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function se...
NVD CVE-2026-9404 25d ago
CRITICAL
CVE-2026-9388 (CVSS 9.8) — A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the ...
NVD CVE-2026-9388 25d ago
CRITICAL
CVE-2026-9387 (CVSS 9.8) — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is...
NVD CVE-2026-9387 25d ago
CRITICAL
CVE-2026-9386 (CVSS 9.8) — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function set...
NVD CVE-2026-9386 25d ago
CRITICAL
CVE-2026-9385 (CVSS 9.8) — A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the funct...
NVD CVE-2026-9385 25d ago
CRITICAL
CVE-2026-9384 (CVSS 9.8) — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the fu...
NVD CVE-2026-9384 25d ago
CRITICAL
CVE-2018-25350 (CVSS 9.8) — userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers...
NVD CVE-2018-25350 26d ago
CRITICAL
CVE-2026-47280 (CVSS 10) — Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate p...
NVD CVE-2026-47280 27d ago
CRITICAL
CVE-2026-42901 (CVSS 10) — Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges ...
NVD CVE-2026-42901 27d ago
CRITICAL
CVE-2026-41104 (CVSS 10) — Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacke...
NVD CVE-2026-41104 27d ago
CRITICAL
CVE-2026-41090 (CVSS 9.3) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop...
NVD CVE-2026-41090 27d ago
CRITICAL
CVE-2026-40412 (CVSS 10) — Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attac...
NVD CVE-2026-40412 27d ago
CRITICAL
CVE-2026-40411 (CVSS 9.9) — Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute ...
NVD CVE-2026-40411 27d ago
CRITICAL
CVE-2026-33843 (CVSS 9.1) — Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C all...
NVD CVE-2026-33843 27d ago
CRITICAL
CVE-2026-23652 (CVSS 10) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow...
NVD CVE-2026-23652 27d ago
CRITICAL
CVE-2026-9082: Drupal Core SQL Injection Vulnerability (Drupal Core)
CISA KEV CVE-2026-9082actively-exploited +4 28d ago
INFO
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
The Hacker News 29d ago
INFO
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
SecurityWeek 28d ago
INFO
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
SecurityWeek 27d ago
INFO
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The Hacker News 27d ago
CRITICAL
CVE-2026-6960 (CVSS 9.8) — The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil...
NVD CVE-2026-6960 28d ago
CRITICAL CISA KEV Wed, 03 Jun 2026 00:00:00 UTC
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
TL;DR
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Due: 2026-06-06. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigat…
CVE-2026-45247actively-exploited
Read full story ↗
Related coverage (2)
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 23d ago
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 15d ago