Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23570
Total
1678
Critical
7413
High
7498
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24014 | CRITICAL | 9.8 | Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If … | Jul 06, 2026 |
| CVE-2026-24013 | CRITICAL | 9.1 | Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests … | Jul 06, 2026 |
| CVE-2026-24012 | HIGH | 7.5 | Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An … | Jul 06, 2026 |
| CVE-2026-1433 | UNKNOWN | — | uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM … | Jul 06, 2026 |
| CVE-2026-14809 | HIGH | 7.5 | Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | Jul 06, 2026 |
| CVE-2026-6382 | CRITICAL | 9.1 | The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before … | Jul 06, 2026 |
| CVE-2026-14808 | CRITICAL | 9.8 | Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain … | Jul 06, 2026 |
| CVE-2026-14807 | CRITICAL | 9.8 | ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and … | Jul 06, 2026 |
| CVE-2026-14802 | HIGH | 7.3 | A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. … | Jul 06, 2026 |
| CVE-2026-14801 | LOW | 3.3 | A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File … | Jul 06, 2026 |
| CVE-2026-14800 | MEDIUM | 4.3 | A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The … | Jul 06, 2026 |
| CVE-2026-12083 | HIGH | 8.1 | The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a … | Jul 06, 2026 |
| CVE-2026-11962 | HIGH | 8.8 | The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted … | Jul 06, 2026 |
| CVE-2026-11855 | HIGH | 8.8 | The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a … | Jul 06, 2026 |
| CVE-2026-11766 | HIGH | 8.0 | The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user … | Jul 06, 2026 |
| CVE-2026-10830 | HIGH | 8.8 | The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an … | Jul 06, 2026 |
| CVE-2024-6228 | HIGH | 7.5 | The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file … | Jul 06, 2026 |
| CVE-2026-14799 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument … | Jul 06, 2026 |
| CVE-2026-14798 | MEDIUM | 6.3 | A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the … | Jul 06, 2026 |
| CVE-2026-14797 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the … | Jul 06, 2026 |
| CVE-2026-14796 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the … | Jul 06, 2026 |
| CVE-2026-14795 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such … | Jul 06, 2026 |
| CVE-2026-14794 | MEDIUM | 4.3 | A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the … | Jul 06, 2026 |
| CVE-2026-14793 | MEDIUM | 4.3 | A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The … | Jul 06, 2026 |
| CVE-2026-14792 | MEDIUM | 6.5 | A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation … | Jul 06, 2026 |