CVEs

Common Vulnerabilities & Exposures ingested from CVE Project cvelistV5, NVD and EUVD. Filter by year or search by ID / title.

188842 CVEs matched. Showing 1–50 (page 1 of 3777).

HIGH and CRITICAL CVEs are auto-promoted to the Threats table; the Threat column below shows the link when a promotion exists.

CVE-ID Title Severity Score (overview) NVD Score CNA Published Remediations Threat Source
CVE-2026-47342 Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass AI ~6.7 apache 2026-06-10 20 ⚠ Threat raw ·
CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution 8.8 apache 2026-06-10 20 ⚠ Threat raw ·
CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE v… HIGH 7.5 7.5 GitHub_M 2026-06-10 15 ⚠ Threat raw ·
CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer HIGH 8.8 8.8 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-47734 Dulwich has unbounded memory allocation in receive-pack from crafted thin packs MEDIUM 5.7 5.7 GitHub_M 2026-06-10 10 raw ·
CVE-2026-53465 ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image MEDIUM 6.2 GitHub_M 2026-06-10 10 raw ·
CVE-2026-53464 ImageMagick: Memory Leak in wand option parser when providing invalid arguments MEDIUM 4.0 GitHub_M 2026-06-10 10 raw ·
CVE-2026-53463 ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments MEDIUM 4.3 4.3 GitHub_M 2026-06-10 10 raw ·
CVE-2026-53462 ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails MEDIUM 5.9 GitHub_M 2026-06-10 10 raw ·
CVE-2026-53461 ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop HIGH 7.5 7.5 GitHub_M 2026-06-10 13 ⚠ Threat raw ·
CVE-2026-53460 ImageMagick: Policy Bypass can trigger out-of-Memory condition HIGH 7.5 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-47712 Dulwich doesn't sanitize commit subjects in `porcelain.format_patch` LOW 3.3 GitHub_M 2026-06-10 10 raw ·
CVE-2026-49219 ImageMagick: Policy Bypass can read disallowed files MEDIUM 5.5 GitHub_M 2026-06-10 10 raw ·
CVE-2026-49218 ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions HIGH 7.5 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-48994 ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems MEDIUM 5.9 GitHub_M 2026-06-10 10 raw ·
CVE-2026-48734 ImageMagick: Stack Overflow in MVG decoder MEDIUM 5.5 GitHub_M 2026-06-10 10 raw ·
CVE-2026-42305 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows HIGH 8.8 GitHub_M 2026-06-10 ⚠ Threat raw ·
CVE-2026-48733 ImageMagick: Infinite Loop in subimage-search with crafted image MEDIUM 4.7 GitHub_M 2026-06-10 10 raw ·
CVE-2026-48724 ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering MEDIUM 5.5 GitHub_M 2026-06-10 10 raw ·
CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path HIGH 7.7 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-46557 ImageMagick: Stack overflow in fx operation MEDIUM 6.2 GitHub_M 2026-06-10 10 raw ·
CVE-2026-42558 Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet HIGH 7.6 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-11604 CVE-2026-11604 MEDIUM 5.6 OpenVPN 2026-06-10 10 raw ·
CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration HIGH 8.1 palo_alto 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI MEDIUM 6.1 palo_alto 2026-06-10 10 raw ·
CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) MEDIUM 6.0 palo_alto 2026-06-10 10 raw ·
CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users MEDIUM 5.9 palo_alto 2026-06-10 10 raw ·
CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability MEDIUM 4.8 palo_alto 2026-06-10 10 raw ·
CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing MEDIUM 4.6 palo_alto 2026-06-10 10 raw ·
CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux MEDIUM 4.4 palo_alto 2026-06-10 10 raw ·
CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes MEDIUM 5.1 VulnCheck 2026-06-10 10 raw ·
CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option MEDIUM 5.1 VulnCheck 2026-06-10 10 raw ·
CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice MEDIUM 5.1 VulnCheck 2026-06-10 10 raw ·
CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice MEDIUM 5.1 VulnCheck 2026-06-10 10 raw ·
CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler HIGH 7.2 VulnCheck 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response MEDIUM 5.3 VulnCheck 2026-06-10 10 raw ·
CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action MEDIUM 5.1 VulnCheck 2026-06-10 10 raw ·
CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS) HIGH 7.5 7.5 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS MEDIUM 4.4 palo_alto 2026-06-10 10 raw ·
CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface LOW 1.1 palo_alto 2026-06-10 10 raw ·
CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges HIGH 8.6 GitHub_M 2026-06-10 ⚠ Threat raw ·
CVE-2026-48110 Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds HIGH 7.5 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input MEDIUM 5.3 GitHub_M 2026-06-10 10 raw ·
CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path MEDIUM 6.5 GitHub_M 2026-06-10 10 raw ·
CVE-2026-10143 kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py HIGH 8.7 7.5 VulnCheck 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-10142 kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length HIGH 8.7 7.5 VulnCheck 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-46669 `openvm-pairing` pairing check missing proper subfield check on scaling factor HIGH 8.7 7.5 GitHub_M 2026-06-10 10 ⚠ Threat raw ·
CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints MEDIUM 4.3 GitHub_M 2026-06-10 raw ·
CVE-2026-45380 bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()` LOW 3.6 GitHub_M 2026-06-10 10 raw ·
CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update MEDIUM 6.1 GitHub_M 2026-06-10 10 raw ·