Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5955 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue … | Jul 09, 2026 |
| CVE-2026-5793 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: … | Jul 09, 2026 |
| CVE-2026-56460 | MEDIUM | 6.5 | HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks … | Jul 09, 2026 |
| CVE-2026-56459 | MEDIUM | 6.2 | HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read … | Jul 09, 2026 |
| CVE-2026-56458 | MEDIUM | 5.4 | HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain … | Jul 09, 2026 |
| CVE-2026-2342 | CRITICAL | 9.3 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through … | Jul 09, 2026 |
| CVE-2026-1989 | HIGH | 7.5 | Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through … | Jul 09, 2026 |
| CVE-2026-1365 | MEDIUM | 6.5 | Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The … | Jul 09, 2026 |
| CVE-2026-15158 | CRITICAL | 9.8 | The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This … | Jul 09, 2026 |
| CVE-2026-12433 | MEDIUM | 4.3 | The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, … | Jul 09, 2026 |
| CVE-2026-8996 | MEDIUM | 6.5 | The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 … | Jul 09, 2026 |
| CVE-2026-8848 | HIGH | 7.2 | The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all … | Jul 09, 2026 |
| CVE-2026-7558 | MEDIUM | 5.3 | The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including … | Jul 09, 2026 |
| CVE-2026-6910 | MEDIUM | 6.4 | The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `bookero_products` shortcode's `hide_products` (and `filter_products`) attributes in versions … | Jul 09, 2026 |
| CVE-2026-59269 | LOW | 3.8 | A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were … | Jul 09, 2026 |
| CVE-2026-57111 | HIGH | 7.5 | Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a … | Jul 09, 2026 |
| CVE-2026-4653 | MEDIUM | 6.4 | The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including … | Jul 09, 2026 |
| CVE-2026-33390 | HIGH | 8.1 | An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can … | Jul 09, 2026 |
| CVE-2026-31985 | HIGH | 8.1 | When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was … | Jul 09, 2026 |
| CVE-2026-31984 | HIGH | 7.5 | A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into … | Jul 09, 2026 |
| CVE-2026-31983 | MEDIUM | 5.3 | A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint … | Jul 09, 2026 |
| CVE-2026-31982 | HIGH | 7.1 | An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can … | Jul 09, 2026 |
| CVE-2026-31981 | MEDIUM | 5.9 | A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An … | Jul 09, 2026 |
| CVE-2026-15000 | HIGH | 7.2 | The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up … | Jul 09, 2026 |
| CVE-2026-14343 | MEDIUM | 6.4 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes in all versions up to, and including, … | Jul 09, 2026 |