Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-56690 HIGH 8.5 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … Jul 10, 2026
CVE-2026-56689 HIGH 7.7 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … Jul 10, 2026
CVE-2026-56688 CRITICAL 9.1 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high … Jul 10, 2026
CVE-2026-54468 MEDIUM 6.5 Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability … Jul 10, 2026
CVE-2026-53363 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket buffer … Jul 10, 2026
CVE-2026-58225 UNKNOWN SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing … Jul 10, 2026
CVE-2026-14461 UNKNOWN mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this … Jul 10, 2026
CVE-2026-9857 MEDIUM 4.3 The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not … Jul 10, 2026
CVE-2026-41880 UNKNOWN R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper … Jul 10, 2026
CVE-2026-41879 UNKNOWN R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this … Jul 10, 2026
CVE-2026-41878 UNKNOWN R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID … Jul 10, 2026
CVE-2026-41877 UNKNOWN R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file … Jul 10, 2026
CVE-2026-41876 UNKNOWN R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This … Jul 10, 2026
CVE-2026-15378 CRITICAL 9.3 A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a … Jul 10, 2026
CVE-2026-15028 LOW 3.9 A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The … Jul 10, 2026
CVE-2026-13710 MEDIUM 6.4 The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … Jul 10, 2026
CVE-2026-13247 MEDIUM 6.4 The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the … Jul 10, 2026
CVE-2026-13010 MEDIUM 6.5 The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute … Jul 10, 2026
CVE-2026-12918 MEDIUM 4.9 The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter … Jul 10, 2026
CVE-2026-11990 MEDIUM 5.3 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. … Jul 10, 2026
CVE-2026-9838 MEDIUM 6.1 The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due … Jul 10, 2026
CVE-2026-6802 MEDIUM 5.3 The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due … Jul 10, 2026
CVE-2026-6440 MEDIUM 4.3 The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to … Jul 10, 2026
CVE-2026-3907 MEDIUM 6.4 The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is … Jul 10, 2026
CVE-2026-1946 MEDIUM 4.3 The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function … Jul 10, 2026