CVE-2026-47835 - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
CVE ID :CVE-2026-47835
Published : June 15, 2026, 6:54 p.m. | 56 minutes ago
Description :In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47835
Published : June 15, 2026, 6:54 p.m. | 56 minutes ago
Description :In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41708 - Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability
CVE ID :CVE-2026-41708
Published : June 15, 2026, 6:54 p.m. | 56 minutes ago
Description :In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41708
Published : June 15, 2026, 6:54 p.m. | 56 minutes ago
Description :In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52719 - Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder
CVE ID :CVE-2026-52719
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52719
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-53705 - Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow
CVE ID :CVE-2026-53705
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-53705
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52721 - Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing
CVE ID :CVE-2026-52721
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52721
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-53703 - Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser
CVE ID :CVE-2026-53703
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-53703
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-53704 - Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser
CVE ID :CVE-2026-53704
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-53704
Published : June 15, 2026, 7:10 p.m. | 40 minutes ago
Description :A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52720 - Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb
CVE ID :CVE-2026-52720
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52720
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52722 - Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
CVE ID :CVE-2026-52722
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52722
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52718 - Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion
CVE ID :CVE-2026-52718
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52718
Published : June 15, 2026, 7:15 p.m. | 35 minutes ago
Description :A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49780 - WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
CVE ID :CVE-2026-49780
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49780
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49781 - WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
CVE ID :CVE-2026-49781
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-49781
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52692 - WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
CVE ID :CVE-2026-52692
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52692
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52693 - WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability
CVE ID :CVE-2026-52693
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52693
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52694 - WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability
CVE ID :CVE-2026-52694
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52694
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52695 - WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
CVE ID :CVE-2026-52695
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52695
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52697 - WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
CVE ID :CVE-2026-52697
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52697
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52699 - WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability
CVE ID :CVE-2026-52699
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52699
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52700 - WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
CVE ID :CVE-2026-52700
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52700
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52702 - WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
CVE ID :CVE-2026-52702
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52702
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-52703 - WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
CVE ID :CVE-2026-52703
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-52703
Published : June 15, 2026, 9:17 p.m. | 2 hours, 34 minutes ago
Description :Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...