Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15104 | MEDIUM | 6.5 | The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter … | Jul 10, 2026 |
| CVE-2026-15026 | MEDIUM | 4.3 | The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via … | Jul 10, 2026 |
| CVE-2026-14475 | MEDIUM | 4.9 | The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in … | Jul 10, 2026 |
| CVE-2026-12955 | MEDIUM | 4.3 | The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on … | Jul 10, 2026 |
| CVE-2026-12924 | MEDIUM | 6.4 | The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter … | Jul 10, 2026 |
| CVE-2026-12400 | MEDIUM | 4.3 | The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via … | Jul 10, 2026 |
| CVE-2026-12108 | MEDIUM | 4.4 | The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due … | Jul 10, 2026 |
| CVE-2026-11992 | MEDIUM | 4.3 | The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin … | Jul 10, 2026 |
| CVE-2025-11977 | MEDIUM | 6.6 | The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File … | Jul 10, 2026 |
| CVE-2026-40454 | HIGH | 7.5 | Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server … | Jul 10, 2026 |
| CVE-2026-40452 | HIGH | 7.5 | Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: … | Jul 10, 2026 |
| CVE-2026-40009 | MEDIUM | 6.5 | Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue … | Jul 10, 2026 |
| CVE-2026-40008 | CRITICAL | 9.8 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name … | Jul 10, 2026 |
| CVE-2026-40007 | HIGH | 7.5 | Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the … | Jul 10, 2026 |
| CVE-2026-40006 | HIGH | 7.5 | Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the … | Jul 10, 2026 |
| CVE-2026-40005 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process … | Jul 10, 2026 |
| CVE-2026-28564 | CRITICAL | 9.8 | Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 … | Jul 10, 2026 |
| CVE-2026-13347 | HIGH | 7.5 | The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and … | Jul 10, 2026 |
| CVE-2026-12685 | HIGH | 7.5 | The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key … | Jul 10, 2026 |
| CVE-2026-12276 | MEDIUM | 5.3 | The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account … | Jul 10, 2026 |
| CVE-2026-12123 | MEDIUM | 6.4 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. … | Jul 10, 2026 |
| CVE-2026-21057 | UNKNOWN | — | Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21056 | UNKNOWN | — | Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | Jul 10, 2026 |
| CVE-2026-21055 | UNKNOWN | — | Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | Jul 10, 2026 |
| CVE-2026-21054 | UNKNOWN | — | Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | Jul 10, 2026 |