Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-22315 | HIGH | 7.2 | Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the … | May 20, 2026 |
| CVE-2026-22314 | CRITICAL | 9.0 | Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' … | May 20, 2026 |
| CVE-2026-0857 | MEDIUM | 6.0 | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: … | May 20, 2026 |
| CVE-2026-0856 | HIGH | 7.8 | Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user to gain access to the admin panel. This … | May 20, 2026 |
| CVE-2026-9064 | HIGH | 7.5 | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per … | May 20, 2026 |
| CVE-2026-6728 | MEDIUM | 5.3 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes … | May 20, 2026 |
| CVE-2026-44933 | HIGH | 7.8 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`; this root is frequently `/` (the system root) in standard configurations or when using `--root`. If … | May 20, 2026 |
| CVE-2026-44608 | MEDIUM | 5.9 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, … | May 20, 2026 |
| CVE-2026-44390 | MEDIUM | 5.3 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name … | May 20, 2026 |
| CVE-2026-42960 | CRITICAL | 10.0 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS … | May 20, 2026 |
| CVE-2026-42959 | HIGH | 7.5 | NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash … | May 20, 2026 |
| CVE-2026-42944 | HIGH | 7.5 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie … | May 20, 2026 |
| CVE-2026-42923 | MEDIUM | 5.3 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache … | May 20, 2026 |
| CVE-2026-42534 | MEDIUM | 5.3 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. … | May 20, 2026 |
| CVE-2026-41292 | HIGH | 7.5 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS … | May 20, 2026 |
| CVE-2026-41054 | HIGH | 7.8 | In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not … | May 20, 2026 |
| CVE-2026-40622 | UNKNOWN | — | NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the … | May 20, 2026 |
| CVE-2026-35070 | MEDIUM | 6.4 | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged … | May 20, 2026 |
| CVE-2026-33278 | CRITICAL | 9.8 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote … | May 20, 2026 |
| CVE-2026-32792 | MEDIUM | 5.3 | NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt … | May 20, 2026 |
| CVE-2026-9065 | UNKNOWN | — | SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The … | May 20, 2026 |
| CVE-2026-9059 | UNKNOWN | — | NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The … | May 20, 2026 |
| CVE-2026-6405 | MEDIUM | 4.3 | The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in … | May 20, 2026 |
| CVE-2026-5200 | HIGH | 8.8 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, … | May 20, 2026 |
| CVE-2026-7385 | MEDIUM | 5.8 | The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API … | May 20, 2026 |