Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-11610 HIGH 8.8 A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection … Jul 07, 2026
CVE-2026-58384 HIGH 7.3 A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after … Jul 07, 2026
CVE-2026-13199 MEDIUM 4.0 EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across … Jul 07, 2026
CVE-2026-8377 HIGH 8.2 Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations. This issue affects Access Control … Jul 07, 2026
CVE-2026-8309 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Reflected XSS. This … Jul 07, 2026
CVE-2026-8306 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Stored XSS. This … Jul 07, 2026
CVE-2026-7380 MEDIUM 6.1 Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows XSS … Jul 07, 2026
CVE-2026-5799 HIGH 7.5 Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026. Jul 07, 2026
CVE-2026-5730 HIGH 7.5 Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026. Jul 07, 2026
CVE-2026-58315 MEDIUM 4.3 Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may … Jul 07, 2026
CVE-2026-57871 UNKNOWN Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. Jul 07, 2026
CVE-2026-57870 UNKNOWN Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects … Jul 07, 2026
CVE-2026-57869 UNKNOWN Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords … Jul 07, 2026
CVE-2026-57868 UNKNOWN MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3. Jul 07, 2026
CVE-2026-57867 UNKNOWN MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords … Jul 07, 2026
CVE-2026-4375 CRITICAL 9.0 The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added … Jul 07, 2026
CVE-2026-14345 CRITICAL 9.8 The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions … Jul 07, 2026
CVE-2026-12375 CRITICAL 9.8 The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected … Jul 07, 2026
CVE-2026-12277 HIGH 8.7 The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing … Jul 07, 2026
CVE-2026-10834 UNKNOWN The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing … Jul 07, 2026
CVE-2026-42201 LOW 3.3 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse_admin_user, clickhouse_admin_password, postgres_user, … Jul 07, 2026
CVE-2026-34158 HIGH 8.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes … Jul 07, 2026
CVE-2026-27844 LOW 2.7 Uncaught Exception (CWE-248) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by … Jul 07, 2026
CVE-2026-27790 LOW 2.7 Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary … Jul 07, 2026
CVE-2026-26053 MEDIUM 5.3 An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would … Jul 07, 2026