Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9253 | HIGH | 7.2 | The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all … | Jul 09, 2026 |
| CVE-2026-15182 | MEDIUM | 5.3 | A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component … | Jul 09, 2026 |
| CVE-2026-9240 | MEDIUM | 4.3 | The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … | Jul 09, 2026 |
| CVE-2026-9237 | MEDIUM | 4.3 | The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 09, 2026 |
| CVE-2026-9235 | MEDIUM | 4.3 | The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and … | Jul 09, 2026 |
| CVE-2026-9028 | MEDIUM | 5.3 | The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to … | Jul 09, 2026 |
| CVE-2026-9027 | MEDIUM | 5.3 | The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and … | Jul 09, 2026 |
| CVE-2026-9021 | MEDIUM | 5.3 | The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering … | Jul 09, 2026 |
| CVE-2026-59692 | HIGH | 7.5 | A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a … | Jul 09, 2026 |
| CVE-2026-59691 | HIGH | 7.1 | A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer … | Jul 09, 2026 |
| CVE-2026-58307 | MEDIUM | 6.1 | Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. | Jul 09, 2026 |
| CVE-2026-58306 | MEDIUM | 6.1 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98. | Jul 09, 2026 |
| CVE-2026-58305 | MEDIUM | 6.1 | Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | Jul 09, 2026 |
| CVE-2026-58304 | MEDIUM | 6.1 | Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | Jul 09, 2026 |
| CVE-2026-58303 | MEDIUM | 6.1 | Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e. | Jul 09, 2026 |
| CVE-2026-56291 | UNKNOWN | — | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | Jul 09, 2026 |
| CVE-2026-56289 | UNKNOWN | — | GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in … | Jul 09, 2026 |
| CVE-2026-56288 | UNKNOWN | — | GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can … | Jul 09, 2026 |
| CVE-2026-50644 | UNKNOWN | — | SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form … | Jul 09, 2026 |
| CVE-2026-4298 | MEDIUM | 4.3 | The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is … | Jul 09, 2026 |
| CVE-2026-4275 | HIGH | 8.8 | The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … | Jul 09, 2026 |
| CVE-2026-14372 | HIGH | 7.1 | The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion … | Jul 09, 2026 |
| CVE-2026-13441 | HIGH | 7.2 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_event_type_background_color' parameter in all versions up … | Jul 09, 2026 |
| CVE-2026-12590 | LOW | 3.7 | Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such … | Jul 09, 2026 |
| CVE-2026-12428 | MEDIUM | 6.5 | The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function … | Jul 09, 2026 |