Search Results (2943 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39578 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
CVE-2026-39580 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-40739 2 Mikado-themes, Wordpress 2 Luxedrive, Wordpress 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
CVE-2026-40751 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
CVE-2026-40754 2 Elated-themes, Wordpress 2 Roisin, Wordpress 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
CVE-2026-40755 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
CVE-2026-40758 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
CVE-2026-40759 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
CVE-2026-48919 2 Jenkins, Jenkins Project 2 Active Directory, Jenkins Active Directory Plugin 2026-06-17 6.6 Medium
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-40735 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-39006 2026-06-17 9.8 Critical
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
CVE-2026-48775 1 Langchain-ai 2 Langgraph, Langgraph-checkpoint 2026-06-16 6.8 Medium
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in turn result in code execution at checkpoint load time. This is a defense-in-depth issue. The affected behavior is reachable only when checkpoint bytes at rest in the backing store can be modified by an unauthorized party. In most deployments that prerequisite already implies a serious incident; the additional concern is turning "checkpoint-store write access" into code execution in the application runtime. This issue has been fixed in version 4.1.1.
CVE-2026-24228 1 Nvidia 2 Nemo, Nemo Framework 2026-06-16 7.8 High
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-50589 1 Openstack 1 Ironic 2026-06-16 5.3 Medium
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
CVE-2026-10748 1 Sonatype 1 Nexus Repository Manager 2026-06-16 N/A
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
CVE-2026-39481 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 7.2 High
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
CVE-2026-27053 2026-06-16 9.8 Critical
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
CVE-2026-39532 2026-06-16 8.8 High
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
CVE-2026-39499 2 Wombat Plugins, Wordpress 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress 2026-06-16 7.2 High
Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.
CVE-2026-49769 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-16 9.8 Critical
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.