Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23570
Total
1678
Critical
7413
High
7498
Medium
CVE ID Severity Score Description Published
CVE-2026-24014 CRITICAL 9.8 Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If … Jul 06, 2026
CVE-2026-24013 CRITICAL 9.1 Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests … Jul 06, 2026
CVE-2026-24012 HIGH 7.5 Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An … Jul 06, 2026
CVE-2026-1433 UNKNOWN uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM … Jul 06, 2026
CVE-2026-14809 HIGH 7.5 Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. Jul 06, 2026
CVE-2026-6382 CRITICAL 9.1 The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before … Jul 06, 2026
CVE-2026-14808 CRITICAL 9.8 Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain … Jul 06, 2026
CVE-2026-14807 CRITICAL 9.8 ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and … Jul 06, 2026
CVE-2026-14802 HIGH 7.3 A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. … Jul 06, 2026
CVE-2026-14801 LOW 3.3 A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File … Jul 06, 2026
CVE-2026-14800 MEDIUM 4.3 A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The … Jul 06, 2026
CVE-2026-12083 HIGH 8.1 The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a … Jul 06, 2026
CVE-2026-11962 HIGH 8.8 The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted … Jul 06, 2026
CVE-2026-11855 HIGH 8.8 The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a … Jul 06, 2026
CVE-2026-11766 HIGH 8.0 The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user … Jul 06, 2026
CVE-2026-10830 HIGH 8.8 The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an … Jul 06, 2026
CVE-2024-6228 HIGH 7.5 The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file … Jul 06, 2026
CVE-2026-14799 MEDIUM 6.3 A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument … Jul 06, 2026
CVE-2026-14798 MEDIUM 6.3 A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the … Jul 06, 2026
CVE-2026-14797 MEDIUM 6.3 A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the … Jul 06, 2026
CVE-2026-14796 MEDIUM 6.3 A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the … Jul 06, 2026
CVE-2026-14795 MEDIUM 6.3 A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such … Jul 06, 2026
CVE-2026-14794 MEDIUM 4.3 A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the … Jul 06, 2026
CVE-2026-14793 MEDIUM 4.3 A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The … Jul 06, 2026
CVE-2026-14792 MEDIUM 6.5 A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation … Jul 06, 2026