Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21016 | MEDIUM | 5.5 | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | May 13, 2026 |
| CVE-2026-21015 | MEDIUM | 5.5 | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | May 13, 2026 |
| CVE-2025-14033 | MEDIUM | 5.3 | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' … | May 13, 2026 |
| CVE-2025-11159 | CRITICAL | 9.1 | Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when … | May 13, 2026 |
| CVE-2026-7635 | HIGH | 8.1 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is … | May 13, 2026 |
| CVE-2026-7619 | MEDIUM | 6.5 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the … | May 13, 2026 |
| CVE-2026-7051 | MEDIUM | 5.4 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This … | May 13, 2026 |
| CVE-2026-6962 | MEDIUM | 6.4 | The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and … | May 13, 2026 |
| CVE-2026-6828 | MEDIUM | 6.4 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' … | May 13, 2026 |
| CVE-2025-9989 | MEDIUM | 4.4 | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient … | May 13, 2026 |
| CVE-2025-9988 | MEDIUM | 4.3 | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up … | May 13, 2026 |
| CVE-2025-9987 | MEDIUM | 5.3 | The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This … | May 13, 2026 |
| CVE-2025-14755 | MEDIUM | 5.3 | The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and … | May 13, 2026 |
| CVE-2026-8336 | HIGH | 7.5 | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently … | May 13, 2026 |
| CVE-2026-8202 | MEDIUM | 4.3 | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation … | May 13, 2026 |
| CVE-2026-8201 | MEDIUM | 6.4 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over … | May 13, 2026 |
| CVE-2026-8200 | LOW | 2.7 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may … | May 13, 2026 |
| CVE-2026-8199 | MEDIUM | 6.5 | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure … | May 13, 2026 |
| CVE-2026-8053 | HIGH | 8.8 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod … | May 13, 2026 |
| CVE-2026-6888 | HIGH | 7.2 | Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker … | May 13, 2026 |
| CVE-2025-62627 | UNKNOWN | — | An untrusted pointer dereference in the ionic cloud driver for VMware ESXi could allow an attacker with an unprivileged VM to read kernel memory or … | May 13, 2026 |
| CVE-2025-62624 | UNKNOWN | — | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code … | May 13, 2026 |
| CVE-2025-62623 | UNKNOWN | — | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code … | May 13, 2026 |
| CVE-2025-61972 | UNKNOWN | — | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary … | May 13, 2026 |
| CVE-2025-61971 | UNKNOWN | — | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest … | May 13, 2026 |