Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11610 | HIGH | 8.8 | A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection … | Jul 07, 2026 |
| CVE-2026-58384 | HIGH | 7.3 | A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after … | Jul 07, 2026 |
| CVE-2026-13199 | MEDIUM | 4.0 | EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across … | Jul 07, 2026 |
| CVE-2026-8377 | HIGH | 8.2 | Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations. This issue affects Access Control … | Jul 07, 2026 |
| CVE-2026-8309 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Reflected XSS. This … | Jul 07, 2026 |
| CVE-2026-8306 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Stored XSS. This … | Jul 07, 2026 |
| CVE-2026-7380 | MEDIUM | 6.1 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows XSS … | Jul 07, 2026 |
| CVE-2026-5799 | HIGH | 7.5 | Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026. | Jul 07, 2026 |
| CVE-2026-5730 | HIGH | 7.5 | Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026. | Jul 07, 2026 |
| CVE-2026-58315 | MEDIUM | 4.3 | Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may … | Jul 07, 2026 |
| CVE-2026-57871 | UNKNOWN | — | Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. | Jul 07, 2026 |
| CVE-2026-57870 | UNKNOWN | — | Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects … | Jul 07, 2026 |
| CVE-2026-57869 | UNKNOWN | — | Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords … | Jul 07, 2026 |
| CVE-2026-57868 | UNKNOWN | — | MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3. | Jul 07, 2026 |
| CVE-2026-57867 | UNKNOWN | — | MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords … | Jul 07, 2026 |
| CVE-2026-4375 | CRITICAL | 9.0 | The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added … | Jul 07, 2026 |
| CVE-2026-14345 | CRITICAL | 9.8 | The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions … | Jul 07, 2026 |
| CVE-2026-12375 | CRITICAL | 9.8 | The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected … | Jul 07, 2026 |
| CVE-2026-12277 | HIGH | 8.7 | The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing … | Jul 07, 2026 |
| CVE-2026-10834 | UNKNOWN | — | The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing … | Jul 07, 2026 |
| CVE-2026-42201 | LOW | 3.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse_admin_user, clickhouse_admin_password, postgres_user, … | Jul 07, 2026 |
| CVE-2026-34158 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes … | Jul 07, 2026 |
| CVE-2026-27844 | LOW | 2.7 | Uncaught Exception (CWE-248) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by … | Jul 07, 2026 |
| CVE-2026-27790 | LOW | 2.7 | Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary … | Jul 07, 2026 |
| CVE-2026-26053 | MEDIUM | 5.3 | An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would … | Jul 07, 2026 |