Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23657
Total
1684
Critical
7428
High
7547
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41123 | MEDIUM | 4.3 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-26355 | MEDIUM | 6.5 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 03, 2026 |
| CVE-2026-50238 | UNKNOWN | — | Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and … | Jul 03, 2026 |
| CVE-2026-13341 | HIGH | 7.4 | A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an … | Jul 03, 2026 |
| CVE-2026-10055 | HIGH | 8.5 | In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs … | Jul 03, 2026 |
| CVE-2026-10054 | HIGH | 8.8 | In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin … | Jul 03, 2026 |
| CVE-2026-5137 | MEDIUM | 4.3 | The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path … | Jul 03, 2026 |
| CVE-2026-4322 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. … | Jul 03, 2026 |
| CVE-2026-4321 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows … | Jul 03, 2026 |
| CVE-2026-9756 | MEDIUM | 6.4 | The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-4804 | MEDIUM | 6.4 | The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is … | Jul 03, 2026 |
| CVE-2026-47896 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through … | Jul 03, 2026 |
| CVE-2026-35159 | MEDIUM | 5.3 | Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to … | Jul 03, 2026 |
| CVE-2026-11900 | MEDIUM | 4.3 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including … | Jul 03, 2026 |
| CVE-2026-11778 | MEDIUM | 5.4 | The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions … | Jul 03, 2026 |
| CVE-2026-11398 | MEDIUM | 5.3 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-9230 | MEDIUM | 4.3 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jul 03, 2026 |
| CVE-2026-9148 | HIGH | 7.2 | The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-8804 | UNKNOWN | — | Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, … | Jul 03, 2026 |
| CVE-2026-8351 | MEDIUM | 6.4 | The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, … | Jul 03, 2026 |
| CVE-2026-47898 | UNKNOWN | — | Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended … | Jul 03, 2026 |
| CVE-2026-47897 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before … | Jul 03, 2026 |
| CVE-2026-14544 | CRITICAL | 9.8 | A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to … | Jul 03, 2026 |
| CVE-2026-9547 | UNKNOWN | — | When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs … | Jul 03, 2026 |
| CVE-2026-9546 | UNKNOWN | — | A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses … | Jul 03, 2026 |