Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-5955 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue … Jul 09, 2026
CVE-2026-5793 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: … Jul 09, 2026
CVE-2026-56460 MEDIUM 6.5 HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks … Jul 09, 2026
CVE-2026-56459 MEDIUM 6.2 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read … Jul 09, 2026
CVE-2026-56458 MEDIUM 5.4 HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain … Jul 09, 2026
CVE-2026-2342 CRITICAL 9.3 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through … Jul 09, 2026
CVE-2026-1989 HIGH 7.5 Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through … Jul 09, 2026
CVE-2026-1365 MEDIUM 6.5 Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The … Jul 09, 2026
CVE-2026-15158 CRITICAL 9.8 The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This … Jul 09, 2026
CVE-2026-12433 MEDIUM 4.3 The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, … Jul 09, 2026
CVE-2026-8996 MEDIUM 6.5 The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 … Jul 09, 2026
CVE-2026-8848 HIGH 7.2 The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all … Jul 09, 2026
CVE-2026-7558 MEDIUM 5.3 The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including … Jul 09, 2026
CVE-2026-6910 MEDIUM 6.4 The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `bookero_products` shortcode's `hide_products` (and `filter_products`) attributes in versions … Jul 09, 2026
CVE-2026-59269 LOW 3.8 A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were … Jul 09, 2026
CVE-2026-57111 HIGH 7.5 Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a … Jul 09, 2026
CVE-2026-4653 MEDIUM 6.4 The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including … Jul 09, 2026
CVE-2026-33390 HIGH 8.1 An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can … Jul 09, 2026
CVE-2026-31985 HIGH 8.1 When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was … Jul 09, 2026
CVE-2026-31984 HIGH 7.5 A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into … Jul 09, 2026
CVE-2026-31983 MEDIUM 5.3 A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint … Jul 09, 2026
CVE-2026-31982 HIGH 7.1 An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can … Jul 09, 2026
CVE-2026-31981 MEDIUM 5.9 A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An … Jul 09, 2026
CVE-2026-15000 HIGH 7.2 The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up … Jul 09, 2026
CVE-2026-14343 MEDIUM 6.4 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes in all versions up to, and including, … Jul 09, 2026