Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23830
Total
1706
Critical
7474
High
7609
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11988 | MEDIUM | 6.5 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions … | Jul 01, 2026 |
| CVE-2026-11981 | MEDIUM | 4.3 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation … | Jul 01, 2026 |
| CVE-2026-11380 | MEDIUM | 6.4 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient … | Jul 01, 2026 |
| CVE-2026-20463 | MEDIUM | 6.7 | In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20462 | MEDIUM | 6.7 | In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20461 | MEDIUM | 5.3 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if … | Jul 01, 2026 |
| CVE-2026-20460 | MEDIUM | 5.3 | In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected … | Jul 01, 2026 |
| CVE-2026-20459 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-20458 | HIGH | 7.5 | In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE … | Jul 01, 2026 |
| CVE-2026-20457 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-14191 | HIGH | 7.8 | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when … | Jul 01, 2026 |
| CVE-2026-57963 | MEDIUM | 6.5 | An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat … | Jul 01, 2026 |
| CVE-2026-57962 | MEDIUM | 5.3 | A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the … | Jul 01, 2026 |
| CVE-2026-53488 | UNKNOWN | — | containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config … | Jul 01, 2026 |
| CVE-2026-41579 | LOW | 3.3 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, … | Jul 01, 2026 |
| CVE-2026-54903 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap … | Jul 01, 2026 |
| CVE-2026-54902 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in … | Jul 01, 2026 |
| CVE-2026-54901 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does … | Jul 01, 2026 |
| CVE-2026-54900 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with … | Jul 01, 2026 |
| CVE-2026-54899 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser … | Jul 01, 2026 |
| CVE-2026-54898 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap … | Jul 01, 2026 |
| CVE-2026-54897 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable … | Jul 01, 2026 |
| CVE-2026-54896 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump … | Jul 01, 2026 |
| CVE-2026-54592 | HIGH | 7.5 | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over … | Jul 01, 2026 |
| CVE-2026-54502 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a … | Jul 01, 2026 |