Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23596
Total
1679
Critical
7415
High
7509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12064 | UNKNOWN | — | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The … | Jul 03, 2026 |
| CVE-2026-11856 | UNKNOWN | — | Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one … | Jul 03, 2026 |
| CVE-2026-11586 | UNKNOWN | — | By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can … | Jul 03, 2026 |
| CVE-2026-11564 | UNKNOWN | — | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that … | Jul 03, 2026 |
| CVE-2026-11352 | UNKNOWN | — | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl … | Jul 03, 2026 |
| CVE-2026-10536 | UNKNOWN | — | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the … | Jul 03, 2026 |
| CVE-2026-9725 | CRITICAL | 9.1 | The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 … | Jul 03, 2026 |
| CVE-2026-9626 | MEDIUM | 6.4 | The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the post_comment API endpoint in versions up … | Jul 03, 2026 |
| CVE-2026-9180 | MEDIUM | 5.3 | The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is … | Jul 03, 2026 |
| CVE-2026-8892 | MEDIUM | 6.4 | The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in … | Jul 03, 2026 |
| CVE-2026-8489 | MEDIUM | 6.4 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jul 03, 2026 |
| CVE-2026-14352 | HIGH | 7.5 | The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. … | Jul 03, 2026 |
| CVE-2026-13040 | HIGH | 7.2 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter in all versions up … | Jul 03, 2026 |
| CVE-2026-12557 | MEDIUM | 5.3 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due … | Jul 03, 2026 |
| CVE-2026-11397 | MEDIUM | 5.5 | The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url … | Jul 03, 2026 |
| CVE-2026-8921 | UNKNOWN | — | External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a … | Jul 03, 2026 |
| CVE-2026-12960 | UNKNOWN | — | An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent … | Jul 03, 2026 |
| CVE-2022-4990 | UNKNOWN | — | ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass … | Jul 03, 2026 |
| CVE-2022-4989 | UNKNOWN | — | ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access … | Jul 03, 2026 |
| CVE-2026-14327 | HIGH | 7.5 | The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. … | Jul 03, 2026 |
| CVE-2026-12920 | MEDIUM | 4.9 | The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in … | Jul 03, 2026 |
| CVE-2026-12734 | MEDIUM | 6.4 | The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute … | Jul 03, 2026 |
| CVE-2026-12731 | MEDIUM | 6.4 | The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' … | Jul 03, 2026 |
| CVE-2026-12729 | MEDIUM | 4.3 | The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and … | Jul 03, 2026 |
| CVE-2026-8247 | UNKNOWN | — | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability … | Jul 03, 2026 |