CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556
Critical: 848
High: 3598
Medium: 3935
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41220 | HIGH | 7.8 | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent … | Apr 29, 2026 |
| CVE-2026-38992 | UNKNOWN | — | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system … | Apr 29, 2026 |
| CVE-2026-36841 | CRITICAL | 9.8 | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | Apr 29, 2026 |
| CVE-2026-36837 | HIGH | 7.5 | TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function. | Apr 29, 2026 |
| CVE-2026-25852 | MEDIUM | 6.7 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | Apr 29, 2026 |
| CVE-2026-5140 | HIGH | 8.8 | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: from <=0.6.4 … | Apr 29, 2026 |
| CVE-2026-42525 | MEDIUM | 4.3 | Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. | Apr 29, 2026 |
| CVE-2026-42524 | HIGH | 8.0 | Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting … | Apr 29, 2026 |
| CVE-2026-42523 | CRITICAL | 9.0 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for … | Apr 29, 2026 |
| CVE-2026-42522 | MEDIUM | 4.3 | A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with … | Apr 29, 2026 |
| CVE-2026-42521 | MEDIUM | 6.5 | Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the … | Apr 29, 2026 |
| CVE-2026-42520 | HIGH | 7.5 | Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to … | Apr 29, 2026 |
| CVE-2026-42519 | MEDIUM | 4.3 | A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. | Apr 29, 2026 |
| CVE-2026-42652 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a … | Apr 29, 2026 |
| CVE-2026-42648 | MEDIUM | 4.3 | Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through <= 2.19.22. | Apr 29, 2026 |
| CVE-2026-42646 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: … | Apr 29, 2026 |
| CVE-2026-42645 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This … | Apr 29, 2026 |
| CVE-2026-42644 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a … | Apr 29, 2026 |
| CVE-2026-42643 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS. This issue affects Image Widget: from n/a … | Apr 29, 2026 |
| CVE-2026-42642 | MEDIUM | 5.3 | Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 4.14.5. | Apr 29, 2026 |
| CVE-2026-42641 | MEDIUM | 5.4 | Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery. This issue affects Share This Image: from n/a through <= … | Apr 29, 2026 |
| CVE-2026-42249 | UNKNOWN | — | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, … | Apr 29, 2026 |
| CVE-2026-42248 | UNKNOWN | — | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine … | Apr 29, 2026 |
| CVE-2026-2902 | MEDIUM | 6.1 | The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all … | Apr 29, 2026 |
| CVE-2026-22745 | MEDIUM | 5.3 | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all … | Apr 29, 2026 |