Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600, Critical: 849, High: 3629, Medium: 3944
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21515 | CRITICAL | 9.9 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. | Apr 24, 2026 |
| CVE-2026-6043 | UNKNOWN | — | P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user … | Apr 24, 2026 |
| CVE-2026-4313 | UNKNOWN | — | AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the … | Apr 24, 2026 |
| CVE-2026-23902 | HIGH | 8.1 | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow … | Apr 24, 2026 |
| CVE-2026-41044 | HIGH | 8.8 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can … | Apr 24, 2026 |
| CVE-2026-41043 | MEDIUM | 6.5 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious … | Apr 24, 2026 |
| CVE-2026-40466 | HIGH | 8.8 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may … | Apr 24, 2026 |
| CVE-2025-62233 | MEDIUM | 6.3 | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access … | Apr 24, 2026 |
| CVE-2026-6272 | UNKNOWN | — | A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. … | Apr 24, 2026 |
| CVE-2026-21728 | HIGH | 7.5 | Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can … | Apr 24, 2026 |
| CVE-2026-4078 | MEDIUM | 6.4 | The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including … | Apr 24, 2026 |
| CVE-2026-3569 | MEDIUM | 5.3 | The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API … | Apr 24, 2026 |
| CVE-2026-3565 | MEDIUM | 4.3 | The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing … | Apr 24, 2026 |
| CVE-2025-11762 | MEDIUM | 4.3 | The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, … | Apr 24, 2026 |
| CVE-2026-1952 | CRITICAL | 9.8 | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | Apr 24, 2026 |
| CVE-2026-1951 | CRITICAL | 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. | Apr 24, 2026 |
| CVE-2026-1950 | CRITICAL | 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability. | Apr 24, 2026 |
| CVE-2026-6810 | MEDIUM | 5.3 | The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the … | Apr 24, 2026 |
| CVE-2026-5428 | MEDIUM | 6.4 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to … | Apr 24, 2026 |
| CVE-2026-5364 | HIGH | 8.1 | The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, … | Apr 24, 2026 |
| CVE-2026-5347 | MEDIUM | 5.3 | The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence … | Apr 24, 2026 |
| CVE-2026-1949 | CRITICAL | 9.8 | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. | Apr 24, 2026 |
| CVE-2026-6947 | HIGH | 7.5 | DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform … | Apr 24, 2026 |
| CVE-2026-6393 | MEDIUM | 4.3 | The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check … | Apr 24, 2026 |
| CVE-2026-5488 | MEDIUM | 5.3 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is … | Apr 24, 2026 |