Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5243 | MEDIUM | 6.4 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting … | May 14, 2026 |
| CVE-2026-4527 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-4524 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3829 | MEDIUM | 5.4 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized … | May 14, 2026 |
| CVE-2026-3607 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3160 | MEDIUM | 5.8 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3074 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3073 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-2900 | LOW | 2.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level … | May 14, 2026 |
| CVE-2026-1659 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1338 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1322 | MEDIUM | 6.8 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1184 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-15345 | MEDIUM | 6.1 | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all … | May 14, 2026 |
| CVE-2025-14870 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-14869 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-13874 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-12669 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7648 | MEDIUM | 4.3 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all … | May 14, 2026 |
| CVE-2026-7525 | MEDIUM | 4.3 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is … | May 14, 2026 |
| CVE-2026-5361 | MEDIUM | 6.4 | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This … | May 14, 2026 |
| CVE-2026-5486 | MEDIUM | 6.5 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up … | May 14, 2026 |
| CVE-2026-46446 | HIGH | 7.1 | SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in … | May 14, 2026 |
| CVE-2026-46445 | HIGH | 7.1 | SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. | May 14, 2026 |
| CVE-2026-46419 | HIGH | 7.5 | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation. | May 14, 2026 |