Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-11397 MEDIUM 5.5 The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url … Jul 03, 2026
CVE-2026-8921 UNKNOWN External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a … Jul 03, 2026
CVE-2026-12960 UNKNOWN An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent … Jul 03, 2026
CVE-2022-4990 UNKNOWN ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass … Jul 03, 2026
CVE-2022-4989 UNKNOWN ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access … Jul 03, 2026
CVE-2026-14327 HIGH 7.5 The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. … Jul 03, 2026
CVE-2026-12920 MEDIUM 4.9 The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in … Jul 03, 2026
CVE-2026-12734 MEDIUM 6.4 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute … Jul 03, 2026
CVE-2026-12731 MEDIUM 6.4 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' … Jul 03, 2026
CVE-2026-12729 MEDIUM 4.3 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and … Jul 03, 2026
CVE-2026-8247 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability … Jul 03, 2026
CVE-2026-55726 MEDIUM 5.3 The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device … Jul 03, 2026
CVE-2026-54477 MEDIUM 5.4 The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks. Jul 03, 2026
CVE-2026-13768 CRITICAL 10.0 Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns … Jul 03, 2026
CVE-2026-13728 UNKNOWN In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability … Jul 03, 2026
CVE-2026-13722 UNKNOWN WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to … Jul 03, 2026
CVE-2026-13384 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests … Jul 03, 2026
CVE-2026-13383 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests … Jul 03, 2026
CVE-2026-13377 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability … Jul 03, 2026
CVE-2026-13376 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is … Jul 03, 2026
CVE-2026-13375 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13374 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13373 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13371 UNKNOWN An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which … Jul 03, 2026
CVE-2026-13368 UNKNOWN WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated … Jul 03, 2026