Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47896 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through … | Jul 03, 2026 |
| CVE-2026-35159 | MEDIUM | 5.3 | Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to … | Jul 03, 2026 |
| CVE-2026-11900 | MEDIUM | 4.3 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including … | Jul 03, 2026 |
| CVE-2026-11778 | MEDIUM | 5.4 | The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions … | Jul 03, 2026 |
| CVE-2026-11398 | MEDIUM | 5.3 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-9230 | MEDIUM | 4.3 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jul 03, 2026 |
| CVE-2026-9148 | HIGH | 7.2 | The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-8804 | UNKNOWN | — | Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, … | Jul 03, 2026 |
| CVE-2026-8351 | MEDIUM | 6.4 | The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-47898 | UNKNOWN | — | Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended … | Jul 03, 2026 |
| CVE-2026-47897 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before … | Jul 03, 2026 |
| CVE-2026-14544 | CRITICAL | 9.8 | A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to … | Jul 03, 2026 |
| CVE-2026-9547 | UNKNOWN | — | When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs … | Jul 03, 2026 |
| CVE-2026-9546 | UNKNOWN | — | A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses … | Jul 03, 2026 |
| CVE-2026-9545 | UNKNOWN | — | In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site … | Jul 03, 2026 |
| CVE-2026-9080 | UNKNOWN | — | Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after … | Jul 03, 2026 |
| CVE-2026-9079 | UNKNOWN | — | libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get … | Jul 03, 2026 |
| CVE-2026-8932 | UNKNOWN | — | libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously … | Jul 03, 2026 |
| CVE-2026-8927 | UNKNOWN | — | When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if … | Jul 03, 2026 |
| CVE-2026-8926 | UNKNOWN | — | When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like … | Jul 03, 2026 |
| CVE-2026-8925 | UNKNOWN | — | The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it … | Jul 03, 2026 |
| CVE-2026-8924 | UNKNOWN | — | A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables … | Jul 03, 2026 |
| CVE-2026-8458 | UNKNOWN | — | libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl … | Jul 03, 2026 |
| CVE-2026-8286 | UNKNOWN | — | A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration … | Jul 03, 2026 |
| CVE-2026-4967 | HIGH | 7.5 | In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with … | Jul 03, 2026 |