Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-9253 HIGH 7.2 The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all … Jul 09, 2026
CVE-2026-15182 MEDIUM 5.3 A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component … Jul 09, 2026
CVE-2026-9240 MEDIUM 4.3 The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … Jul 09, 2026
CVE-2026-9237 MEDIUM 4.3 The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … Jul 09, 2026
CVE-2026-9235 MEDIUM 4.3 The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and … Jul 09, 2026
CVE-2026-9028 MEDIUM 5.3 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to … Jul 09, 2026
CVE-2026-9027 MEDIUM 5.3 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and … Jul 09, 2026
CVE-2026-9021 MEDIUM 5.3 The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering … Jul 09, 2026
CVE-2026-59692 HIGH 7.5 A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a … Jul 09, 2026
CVE-2026-59691 HIGH 7.1 A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer … Jul 09, 2026
CVE-2026-58307 MEDIUM 6.1 Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. Jul 09, 2026
CVE-2026-58306 MEDIUM 6.1 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98. Jul 09, 2026
CVE-2026-58305 MEDIUM 6.1 Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. Jul 09, 2026
CVE-2026-58304 MEDIUM 6.1 Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. Jul 09, 2026
CVE-2026-58303 MEDIUM 6.1 Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e. Jul 09, 2026
CVE-2026-56291 UNKNOWN The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. Jul 09, 2026
CVE-2026-56289 UNKNOWN GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in … Jul 09, 2026
CVE-2026-56288 UNKNOWN GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can … Jul 09, 2026
CVE-2026-50644 UNKNOWN SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form … Jul 09, 2026
CVE-2026-4298 MEDIUM 4.3 The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is … Jul 09, 2026
CVE-2026-4275 HIGH 8.8 The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … Jul 09, 2026
CVE-2026-14372 HIGH 7.1 The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion … Jul 09, 2026
CVE-2026-13441 HIGH 7.2 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_event_type_background_color' parameter in all versions up … Jul 09, 2026
CVE-2026-12590 LOW 3.7 Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such … Jul 09, 2026
CVE-2026-12428 MEDIUM 6.5 The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function … Jul 09, 2026