Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.9 MEDIUM
CVE-2026-39899 — Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed …

cacti | Remote | Path Traversal
Jun 24, 2026 Jun 26, 2026
7.5 HIGH
CVE-2025-60474 — GPAC MP4Box Buffer Overflow Denial of Service

A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.

gpac | Remote | Memory Corruption
Jun 24, 2026 Jun 29, 2026
7.5 HIGH
CVE-2025-60467 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…

gpac | Remote | Memory Corruption
Jun 24, 2026 Jun 29, 2026
7.2 HIGH
CVE-2026-9779 — ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remot…

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect…

unizon | Cryptography
Jun 24, 2026 Jun 27, 2026
7.2 HIGH
CVE-2026-9778 — ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Au…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
7.2 HIGH
CVE-2026-9777 — ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentic…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
7.5 HIGH
CVE-2026-9776 — ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vul…

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…

unizon | Path Traversal
Jun 24, 2026 Jun 27, 2026
6.5 MEDIUM
CVE-2026-9775 — ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authent…

unizon | Remote | Path Traversal
Jun 24, 2026 Jun 27, 2026
6.5 MEDIUM
CVE-2026-9774 — ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Aut…

unizon | Remote | Path Traversal
Jun 24, 2026 Jun 27, 2026
8.8 HIGH
CVE-2026-9773 — Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authenti…

unraid | Injection
Jun 24, 2026 Jun 26, 2026
8.8 HIGH
CVE-2026-9772 — Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentic…

unraid | Injection
Jun 24, 2026 Jun 26, 2026
8.1 HIGH
CVE-2026-55762 — Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat…

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces …

rocket.chat rocket.chat | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
7.4 HIGH
CVE-2026-55759 — Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audien…

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT sig…

rocket.chat rocket.chat | Remote | Authentication
Jun 24, 2026 Jun 26, 2026
9.3 CRITICAL
CVE-2026-55666 — Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, han…

rocket.chat rocket.chat | Remote | Authentication
Jun 24, 2026 Jun 29, 2026
9.0 CRITICAL
CVE-2026-55570 — SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj`…

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj …

siyuan | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
9.1 CRITICAL
CVE-2026-55455 — Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugin…

appsmith | Remote | Server-Side Request Forgery
Jun 24, 2026 Jun 26, 2026
9.9 CRITICAL
CVE-2026-55454 — Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:…

appsmith | Remote | Server-Side Request Forgery
Jun 24, 2026 Jun 26, 2026
8.7 HIGH
CVE-2026-54759 — SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to a…

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's permissive security …

siyuan | Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
9.9 CRITICAL
CVE-2026-54158 — SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, …

siyuan | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 26, 2026
7.1 HIGH
CVE-2026-54070 — SiYuan: Stored XSS in Bazaar marketplace via package README event handlers

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engin…

siyuan | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 26, 2026
Showing 20 of 7989 Results