Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13326 | Critical: 883 | High: 3881 | Medium: 4214

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3177 | MEDIUM | 5.3 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity … | Apr 07, 2026 |
| CVE-2026-5465 | HIGH | 8.8 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … | Apr 07, 2026 |
| CVE-2026-4079 | MEDIUM | 6.5 | The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatenated to SQL queries, making it possible for … | Apr 07, 2026 |
| CVE-2026-1900 | MEDIUM | 6.5 | The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates. | Apr 07, 2026 |
| CVE-2026-1114 | CRITICAL | 9.8 | In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing … | Apr 07, 2026 |
| CVE-2025-15611 | MEDIUM | 5.4 | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform … | Apr 07, 2026 |
| CVE-2026-1839 | MEDIUM | 6.5 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 … | Apr 07, 2026 |
| CVE-2025-65116 | MEDIUM | 5.5 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT … | Apr 07, 2026 |
| CVE-2025-65115 | HIGH | 8.8 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner … | Apr 07, 2026 |
| CVE-2026-0740 | CRITICAL | 9.8 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function … | Apr 07, 2026 |
| CVE-2026-20446 | MEDIUM | 4.3 | In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if … | Apr 07, 2026 |
| CVE-2026-20433 | HIGH | 8.8 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if … | Apr 07, 2026 |
| CVE-2026-20432 | HIGH | 8.0 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if … | Apr 07, 2026 |
| CVE-2026-20431 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has … | Apr 07, 2026 |
| CVE-2026-5719 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the … | Apr 07, 2026 |
| CVE-2025-13044 | MEDIUM | 6.2 | IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | Apr 07, 2026 |
| CVE-2026-5705 | MEDIUM | 4.3 | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component … | Apr 07, 2026 |
| CVE-2026-5692 | HIGH | 7.3 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in … | Apr 07, 2026 |
| CVE-2026-5691 | HIGH | 7.3 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads … | Apr 06, 2026 |
| CVE-2026-5690 | HIGH | 7.3 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-5689 | HIGH | 7.3 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5688 | HIGH | 7.3 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider … | Apr 06, 2026 |
| CVE-2026-5709 | HIGH | 8.8 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute … | Apr 06, 2026 |
| CVE-2026-5708 | HIGH | 8.8 | Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated … | Apr 06, 2026 |
| CVE-2026-5707 | HIGH | 8.8 | Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might … | Apr 06, 2026 |