Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56690 | HIGH | 8.5 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … | Jul 10, 2026 |
| CVE-2026-56689 | HIGH | 7.7 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … | Jul 10, 2026 |
| CVE-2026-56688 | CRITICAL | 9.1 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high … | Jul 10, 2026 |
| CVE-2026-54468 | MEDIUM | 6.5 | Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability … | Jul 10, 2026 |
| CVE-2026-53363 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket buffer … | Jul 10, 2026 |
| CVE-2026-58225 | UNKNOWN | — | SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing … | Jul 10, 2026 |
| CVE-2026-14461 | UNKNOWN | — | mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this … | Jul 10, 2026 |
| CVE-2026-9857 | MEDIUM | 4.3 | The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not … | Jul 10, 2026 |
| CVE-2026-41880 | UNKNOWN | — | R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper … | Jul 10, 2026 |
| CVE-2026-41879 | UNKNOWN | — | R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this … | Jul 10, 2026 |
| CVE-2026-41878 | UNKNOWN | — | R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID … | Jul 10, 2026 |
| CVE-2026-41877 | UNKNOWN | — | R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file … | Jul 10, 2026 |
| CVE-2026-41876 | UNKNOWN | — | R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This … | Jul 10, 2026 |
| CVE-2026-15378 | CRITICAL | 9.3 | A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a … | Jul 10, 2026 |
| CVE-2026-15028 | LOW | 3.9 | A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The … | Jul 10, 2026 |
| CVE-2026-13710 | MEDIUM | 6.4 | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jul 10, 2026 |
| CVE-2026-13247 | MEDIUM | 6.4 | The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the … | Jul 10, 2026 |
| CVE-2026-13010 | MEDIUM | 6.5 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute … | Jul 10, 2026 |
| CVE-2026-12918 | MEDIUM | 4.9 | The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter … | Jul 10, 2026 |
| CVE-2026-11990 | MEDIUM | 5.3 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. … | Jul 10, 2026 |
| CVE-2026-9838 | MEDIUM | 6.1 | The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due … | Jul 10, 2026 |
| CVE-2026-6802 | MEDIUM | 5.3 | The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due … | Jul 10, 2026 |
| CVE-2026-6440 | MEDIUM | 4.3 | The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to … | Jul 10, 2026 |
| CVE-2026-3907 | MEDIUM | 6.4 | The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is … | Jul 10, 2026 |
| CVE-2026-1946 | MEDIUM | 4.3 | The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function … | Jul 10, 2026 |