Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6279 | CRITICAL | 9.8 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. … | May 21, 2026 |
| CVE-2026-2734 | MEDIUM | 6.5 | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is … | May 21, 2026 |
| CVE-2026-1543 | MEDIUM | 6.4 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due … | May 21, 2026 |
| CVE-2026-4811 | MEDIUM | 4.9 | The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the … | May 21, 2026 |
| CVE-2026-9152 | UNKNOWN | — | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any … | May 21, 2026 |
| CVE-2026-48172 | UNKNOWN | — | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via … | May 21, 2026 |
| CVE-2026-1881 | MEDIUM | 4.3 | The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action … | May 21, 2026 |
| CVE-2026-9149 | MEDIUM | 6.5 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values … | May 21, 2026 |
| CVE-2026-40165 | HIGH | 8.7 | authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment … | May 21, 2026 |
| CVE-2026-9150 | MEDIUM | 6.5 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An … | May 20, 2026 |
| CVE-2026-8399 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | May 20, 2026 |
| CVE-2026-47782 | LOW | 3.3 | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation, or notification. If a URL to … | May 20, 2026 |
| CVE-2026-47372 | CRITICAL | 9.1 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for … | May 20, 2026 |
| CVE-2026-40102 | MEDIUM | 6.5 | Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression … | May 20, 2026 |
| CVE-2026-40094 | MEDIUM | 4.3 | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores … | May 20, 2026 |
| CVE-2026-40092 | HIGH | 7.5 | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by … | May 20, 2026 |
| CVE-2026-39960 | MEDIUM | 5.4 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom … | May 20, 2026 |
| CVE-2026-8632 | UNKNOWN | — | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary … | May 20, 2026 |
| CVE-2026-8631 | UNKNOWN | — | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary … | May 20, 2026 |
| CVE-2026-47373 | HIGH | 7.5 | Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to … | May 20, 2026 |
| CVE-2026-9144 | HIGH | 7.6 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated … | May 20, 2026 |
| CVE-2026-9141 | CRITICAL | 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers … | May 20, 2026 |
| CVE-2026-9139 | CRITICAL | 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented … | May 20, 2026 |
| CVE-2026-9137 | UNKNOWN | — | The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments … | May 20, 2026 |
| CVE-2026-9136 | UNKNOWN | — | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving … | May 20, 2026 |