Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11989
Total
791
Critical
3366
High
3787
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6127 | MEDIUM | 6.4 | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. … | May 01, 2026 |
| CVE-2024-13362 | MEDIUM | 6.1 | Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and … | May 01, 2026 |
| CVE-2026-7553 | MEDIUM | 4.7 | A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of … | May 01, 2026 |
| CVE-2026-7550 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of … | May 01, 2026 |
| CVE-2026-7549 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation … | May 01, 2026 |
| CVE-2026-42994 | UNKNOWN | — | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. | May 01, 2026 |
| CVE-2026-7548 | HIGH | 8.8 | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results … | May 01, 2026 |
| CVE-2026-7546 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the … | May 01, 2026 |
| CVE-2026-7545 | HIGH | 7.3 | A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the … | May 01, 2026 |
| CVE-2026-7538 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | May 01, 2026 |
| CVE-2026-7536 | MEDIUM | 5.3 | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a … | May 01, 2026 |
| CVE-2026-7535 | MEDIUM | 4.3 | A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Performing a manipulation … | May 01, 2026 |
| CVE-2026-7519 | HIGH | 7.3 | A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. … | May 01, 2026 |
| CVE-2026-7518 | MEDIUM | 4.3 | A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI … | May 01, 2026 |
| CVE-2026-7513 | HIGH | 8.8 | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation … | May 01, 2026 |
| CVE-2026-7512 | HIGH | 8.8 | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a … | May 01, 2026 |
| CVE-2026-5656 | HIGH | 7.0 | Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-5405 | HIGH | 7.8 | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-5404 | MEDIUM | 4.7 | K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | May 01, 2026 |
| CVE-2026-5403 | HIGH | 7.8 | SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-22726 | MEDIUM | 5.0 | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer … | May 01, 2026 |
| CVE-2026-7510 | MEDIUM | 6.3 | A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation … | Apr 30, 2026 |
| CVE-2026-7508 | MEDIUM | 6.3 | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a … | Apr 30, 2026 |
| CVE-2026-7506 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument … | Apr 30, 2026 |
| CVE-2026-7505 | HIGH | 7.3 | A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This … | Apr 30, 2026 |