Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13087 | Critical: 868 | High: 3778 | Medium: 4150
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6005 | MEDIUM | 6.3 | A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a … | Apr 10, 2026 |
| CVE-2026-5501 | UNKNOWN | — | wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate … | Apr 10, 2026 |
| CVE-2026-5500 | UNKNOWN | — | wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac … | Apr 10, 2026 |
| CVE-2026-5479 | UNKNOWN | — | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning … | Apr 10, 2026 |
| CVE-2026-5466 | UNKNOWN | — | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, … | Apr 10, 2026 |
| CVE-2026-5188 | UNKNOWN | — | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry … | Apr 10, 2026 |
| CVE-2026-2305 | MEDIUM | 6.4 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in … | Apr 10, 2026 |
| CVE-2026-6004 | HIGH | 7.3 | A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the … | Apr 10, 2026 |
| CVE-2026-6003 | LOW | 2.4 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation … | Apr 10, 2026 |
| CVE-2026-6000 | MEDIUM | 4.3 | A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database … | Apr 10, 2026 |
| CVE-2026-5999 | MEDIUM | 6.3 | A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. … | Apr 10, 2026 |
| CVE-2026-33551 | LOW | 3.5 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using … | Apr 10, 2026 |
| CVE-2026-5998 | MEDIUM | 5.3 | A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API … | Apr 10, 2026 |
| CVE-2026-5997 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 10, 2026 |
| CVE-2026-5996 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 10, 2026 |
| CVE-2026-4977 | MEDIUM | 4.3 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions … | Apr 10, 2026 |
| CVE-2026-4664 | MEDIUM | 5.3 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to … | Apr 10, 2026 |
| CVE-2026-4351 | HIGH | 8.1 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due … | Apr 10, 2026 |
| CVE-2026-4305 | MEDIUM | 6.1 | The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, … | Apr 10, 2026 |
| CVE-2026-4057 | MEDIUM | 4.3 | The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `makeMediaPublic()` and `makeMediaPrivate()` functions … | Apr 10, 2026 |
| CVE-2026-3360 | HIGH | 7.5 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, … | Apr 10, 2026 |
| CVE-2026-2712 | MEDIUM | 5.4 | The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all … | Apr 10, 2026 |
| CVE-2026-25203 | HIGH | 7.8 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability. This issue affects MagicINFO 9 Server: less than 21.1091.1. | Apr 10, 2026 |
| CVE-2026-1924 | MEDIUM | 4.3 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to … | Apr 10, 2026 |
| CVE-2026-1263 | MEDIUM | 6.4 | The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient … | Apr 10, 2026 |