Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13055
Total
867
Critical
3775
High
4128
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5809 | HIGH | 7.1 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step … | Apr 11, 2026 |
| CVE-2026-34621 | CRITICAL | 9.6 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in … | Apr 11, 2026 |
| CVE-2026-5226 | MEDIUM | 6.1 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and … | Apr 11, 2026 |
| CVE-2026-5217 | HIGH | 7.2 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored … | Apr 11, 2026 |
| CVE-2026-5207 | MEDIUM | 6.5 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due … | Apr 11, 2026 |
| CVE-2026-5144 | HIGH | 8.8 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group … | Apr 11, 2026 |
| CVE-2026-4979 | MEDIUM | 5.0 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request … | Apr 11, 2026 |
| CVE-2026-4895 | MEDIUM | 6.4 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This … | Apr 11, 2026 |
| CVE-2026-3498 | MEDIUM | 6.4 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. … | Apr 11, 2026 |
| CVE-2026-3371 | MEDIUM | 4.3 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-3358 | MEDIUM | 5.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-5496 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5495 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5494 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5493 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5059 | CRITICAL | 9.8 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is … | Apr 11, 2026 |
| CVE-2026-5058 | CRITICAL | 9.8 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required … | Apr 11, 2026 |
| CVE-2026-5055 | HIGH | 7.8 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must … | Apr 11, 2026 |
| CVE-2026-5054 | HIGH | 7.8 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker … | Apr 11, 2026 |
| CVE-2026-5053 | HIGH | 7.1 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An … | Apr 11, 2026 |
| CVE-2026-4158 | HIGH | 7.3 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An … | Apr 11, 2026 |
| CVE-2026-4157 | HIGH | 7.5 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint … | Apr 11, 2026 |
| CVE-2026-4156 | HIGH | 7.5 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-4155 | HIGH | 7.5 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations … | Apr 11, 2026 |
| CVE-2026-4154 | HIGH | 7.8 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |