Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11202
Total
755
Critical
3234
High
3640
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4730 | MEDIUM | 6.4 | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | May 05, 2026 |
| CVE-2026-4409 | MEDIUM | 6.5 | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a … | May 05, 2026 |
| CVE-2026-2868 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions … | May 05, 2026 |
| CVE-2026-1921 | MEDIUM | 4.9 | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This … | May 05, 2026 |
| CVE-2025-13618 | CRITICAL | 9.8 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not … | May 05, 2026 |
| CVE-2026-5722 | CRITICAL | 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest … | May 05, 2026 |
| CVE-2026-44029 | MEDIUM | 5.3 | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The … | May 05, 2026 |
| CVE-2026-44028 | HIGH | 7.5 | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap … | May 05, 2026 |
| CVE-2026-7788 | HIGH | 7.3 | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a … | May 05, 2026 |
| CVE-2026-7785 | HIGH | 7.3 | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command … | May 05, 2026 |
| CVE-2026-7784 | HIGH | 7.3 | A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills … | May 05, 2026 |
| CVE-2026-7783 | MEDIUM | 6.3 | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component … | May 05, 2026 |
| CVE-2026-7782 | MEDIUM | 6.3 | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. … | May 04, 2026 |
| CVE-2026-7781 | MEDIUM | 4.3 | A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the … | May 04, 2026 |
| CVE-2026-7791 | HIGH | 7.8 | Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin … | May 04, 2026 |
| CVE-2026-7780 | MEDIUM | 4.3 | A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component … | May 04, 2026 |
| CVE-2026-7776 | HIGH | 7.5 | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to … | May 04, 2026 |
| CVE-2026-7779 | MEDIUM | 4.3 | A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. … | May 04, 2026 |
| CVE-2026-42238 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that … | May 04, 2026 |
| CVE-2026-42223 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs … | May 04, 2026 |
| CVE-2026-42222 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial … | May 04, 2026 |
| CVE-2026-42221 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim … | May 04, 2026 |
| CVE-2026-42220 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve … | May 04, 2026 |
| CVE-2026-7768 | HIGH | 7.5 | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct … | May 04, 2026 |
| CVE-2026-6321 | HIGH | 7.5 | fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real … | May 04, 2026 |