Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
4.8 MEDIUM
CVE-2026-50708 — Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
4.6 MEDIUM
CVE-2026-50705 — Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
4.6 MEDIUM
CVE-2026-50704 — Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
4.8 MEDIUM
CVE-2026-50703 — Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
5.1 MEDIUM
CVE-2026-50701 — Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
4.6 MEDIUM
CVE-2026-50700 — Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
8.6 HIGH
CVE-2026-49269 — Apple Silicon GPU Information Disclosure

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by…

Remote | Information Disclosure
Jun 24, 2026 Jun 25, 2026
4.6 MEDIUM
CVE-2026-50699 — Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_do…

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
4.6 MEDIUM
CVE-2026-50698 — Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trai…

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
7.3 HIGH
CVE-2026-12986 — Payara Server Admin GUI SSRF and Token Leak Vulnerability

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-con…

| Server-Side Request Forgery
Jun 24, 2026 Jun 25, 2026
8.2 HIGH
CVE-2026-11878 — Reflected Cross-Site Scripting vulnerability in OpenText Access Manager

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: fr…

access_manager netiq_access_manager | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 29, 2026
7.5 HIGH
CVE-2026-11877 — Missing Authorization Vulnerability in OpenText Access Manager

An unauthorized user can modify configuration through API calls that affect OpenText Access Manager. This issue affects Access Manager before 5.1.3.

Jun 24, 2026 Jun 29, 2026
4.2 MEDIUM
CVE-2026-57307 — Jenkins Zowe zDevOps Plugin Remote Credential Theft

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe…

zowe_zdevops | Remote | Authorization
Jun 24, 2026 Jun 26, 2026
4.2 MEDIUM
CVE-2026-57306 — Jenkins Zowe zDevOps Plugin CSRF to Credential Theft

A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified…

zowe_zdevops | Remote | Cross-Site Request Forgery
Jun 24, 2026 Jun 26, 2026
5.4 MEDIUM

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

assembla | Remote | Cross-Site Request Forgery
Jun 24, 2026 Jun 25, 2026
5.4 MEDIUM
CVE-2026-57304 — Jenkins Assembla Plugin: Unauthenticated Connection to External URL

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and pa…

assembla | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-57303 — Jenkins Assembla Plugin XXE

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla ser…

assembla | Remote | XML External Entity
Jun 24, 2026 Jun 25, 2026
4.3 MEDIUM
CVE-2026-57302 — Jenkins FitNesse Plugin Information Disclosure

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t…

fitnesse | Remote | Information Disclosure
Jun 24, 2026 Jun 26, 2026
8.8 HIGH

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary c…

official_owasp_zap | Remote | Misconfiguration
Jun 24, 2026 Jun 26, 2026
4.3 MEDIUM
CVE-2026-57300 — Jenkins MCP Server Plugin Information Disclosure

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

mcp_server | Remote | Authorization
Jun 24, 2026 Jun 26, 2026
Showing 20 of 7992 Results