CVE ID :CVE-2026-12806 Published : June 21, 2026, 7:30 p.m. | 5 hours, 40 minutes ago Description :A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey…
CVE-2026-56397 – SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README
CVE ID :CVE-2026-56397 Published : June 21, 2026, 1:27 p.m. | 11 hours, 43 minutes ago Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious…
CVE-2026-56396 – phpMyFAQ – Privilege Escalation via Missing Authorization in editUser() and updateUserRights()
CVE ID :CVE-2026-56396 Published : June 21, 2026, 1:27 p.m. | 11 hours, 43 minutes ago Description :phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to…
CVE-2026-56395 – SiYuan – Remote Code Execution via Malicious Bazaar Package Metadata and README
CVE ID :CVE-2026-56395 Published : June 21, 2026, 1:27 p.m. | 11 hours, 43 minutes ago Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious…
CVE-2026-56382 – Craft CMS – Remote Code Execution via Missing Config Sanitization in FieldsController
CVE ID :CVE-2026-56382 Published : June 21, 2026, 1:26 p.m. | 11 hours, 43 minutes ago Description :Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and Severity: 8.6 | HIGH Visit the link for…
CVE-2026-56345 – AVideo – Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint
CVE ID :CVE-2026-56345 Published : June 20, 2026, 6:27 p.m. | 6 hours, 42 minutes ago Description :AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin’s uploadRecordedVideo.json.php endpoint that derives the…
CVE-2026-56341 – AVideo – Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php
CVE ID :CVE-2026-56341 Published : June 20, 2026, 6:27 p.m. | 6 hours, 42 minutes ago Description :AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal…
CVE-2026-56340 – vLLM – Denial of Service via Unvalidated Multimodal Embeddings
CVE ID :CVE-2026-56340 Published : June 20, 2026, 6:27 p.m. | 6 hours, 42 minutes ago Description :vLLM versions >= 0.10.2 and Severity: 8.8 | HIGH Visit the link for more details, such as…
CVE-2026-5366 – Git Argument Injection in prefecthq/prefect
CVE ID :CVE-2026-5366 Published : June 20, 2026, 4:43 p.m. | 8 hours, 26 minutes ago Description :Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in…
CVE-2024-58351 – Flowise – Remote Code Execution via overrideConfig Parameter
CVE ID :CVE-2024-58351 Published : June 20, 2026, 3:21 p.m. | 9 hours, 48 minutes ago Description :Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option,…