Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8735 | MEDIUM | 6.3 | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such … | May 17, 2026 |
| CVE-2026-8734 | HIGH | 7.3 | A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation … | May 17, 2026 |
| CVE-2026-8733 | MEDIUM | 6.3 | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results … | May 17, 2026 |
| CVE-2026-8731 | MEDIUM | 4.3 | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation … | May 17, 2026 |
| CVE-2026-8730 | MEDIUM | 4.3 | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a … | May 17, 2026 |
| CVE-2026-8729 | MEDIUM | 4.3 | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation … | May 17, 2026 |
| CVE-2026-8728 | MEDIUM | 4.3 | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component … | May 17, 2026 |
| CVE-2026-8719 | HIGH | 8.8 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is … | May 17, 2026 |
| CVE-2026-8725 | HIGH | 7.3 | A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component … | May 17, 2026 |
| CVE-2026-8724 | MEDIUM | 4.7 | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation … | May 17, 2026 |
| CVE-2026-8723 | MEDIUM | 5.3 | ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and … | May 17, 2026 |
| CVE-2026-6050 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | May 16, 2026 |
| CVE-2026-46728 | HIGH | 8.2 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. | May 16, 2026 |
| CVE-2021-47981 | MEDIUM | 5.4 | Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the … | May 16, 2026 |
| CVE-2021-47980 | HIGH | 7.1 | Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter … | May 16, 2026 |
| CVE-2021-47979 | HIGH | 8.8 | WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. … | May 16, 2026 |
| CVE-2021-47978 | MEDIUM | 6.2 | ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send … | May 16, 2026 |
| CVE-2021-47977 | HIGH | 7.5 | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file … | May 16, 2026 |
| CVE-2021-47976 | HIGH | 8.8 | TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers … | May 16, 2026 |
| CVE-2021-47975 | HIGH | 7.2 | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit … | May 16, 2026 |
| CVE-2021-47974 | HIGH | 7.8 | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate … | May 16, 2026 |
| CVE-2021-47973 | HIGH | 7.5 | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note … | May 16, 2026 |
| CVE-2021-47972 | HIGH | 7.5 | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long … | May 16, 2026 |
| CVE-2021-47971 | HIGH | 7.5 | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note … | May 16, 2026 |
| CVE-2021-47970 | HIGH | 7.5 | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers … | May 16, 2026 |