Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5773 | HIGH | 7.5 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse … | May 13, 2026 |
| CVE-2026-5545 | MEDIUM | 6.5 | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the … | May 13, 2026 |
| CVE-2026-4873 | MEDIUM | 5.9 | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made … | May 13, 2026 |
| CVE-2026-4798 | HIGH | 7.5 | The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up to, and including, 3.15.1 due … | May 13, 2026 |
| CVE-2026-4782 | MEDIUM | 6.5 | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with … | May 13, 2026 |
| CVE-2026-44931 | UNKNOWN | — | The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd | May 13, 2026 |
| CVE-2026-41051 | MEDIUM | 5.0 | csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. | May 13, 2026 |
| CVE-2026-2515 | MEDIUM | 5.3 | The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … | May 13, 2026 |
| CVE-2026-25710 | UNKNOWN | — | The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g. a compromised plasmalogin service account can chown() arbitrary files in … | May 13, 2026 |
| CVE-2024-47091 | UNKNOWN | — | Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a … | May 13, 2026 |
| CVE-2026-41050 | CRITICAL | 9.9 | Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to … | May 13, 2026 |
| CVE-2026-3004 | MEDIUM | 6.4 | The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-slick' attribute in all versions up to, and including, 24.1.11 … | May 13, 2026 |
| CVE-2026-25705 | HIGH | 8.4 | A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside … | May 13, 2026 |
| CVE-2025-14767 | MEDIUM | 5.5 | The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all … | May 13, 2026 |
| CVE-2026-6965 | MEDIUM | 5.3 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including … | May 13, 2026 |
| CVE-2026-6929 | HIGH | 7.5 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' … | May 13, 2026 |
| CVE-2026-44612 | HIGH | 7.8 | Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when … | May 13, 2026 |
| CVE-2026-32661 | CRITICAL | 9.8 | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to … | May 13, 2026 |
| CVE-2026-2725 | UNKNOWN | — | Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch … | May 13, 2026 |
| CVE-2026-21024 | UNKNOWN | — | Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions. | May 13, 2026 |
| CVE-2026-21022 | MEDIUM | 5.5 | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | May 13, 2026 |
| CVE-2026-21021 | MEDIUM | 6.8 | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | May 13, 2026 |
| CVE-2026-21020 | HIGH | 7.8 | Improper export of Android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | May 13, 2026 |
| CVE-2026-21019 | UNKNOWN | — | Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows a local attacker to execute arbitrary code with system privilege. | May 13, 2026 |
| CVE-2026-21018 | MEDIUM | 6.7 | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | May 13, 2026 |