Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5005 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored … | Jul 09, 2026 |
| CVE-2026-56292 | UNKNOWN | — | A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. | Jul 09, 2026 |
| CVE-2026-54801 | HIGH | 7.2 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient … | Jul 09, 2026 |
| CVE-2026-54800 | MEDIUM | 4.8 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with … | Jul 09, 2026 |
| CVE-2026-54799 | MEDIUM | 6.7 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a … | Jul 09, 2026 |
| CVE-2026-54798 | MEDIUM | 6.5 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a … | Jul 09, 2026 |
| CVE-2026-60095 | MEDIUM | 6.5 | Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers … | Jul 09, 2026 |
| CVE-2026-60094 | MEDIUM | 6.5 | Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by … | Jul 09, 2026 |
| CVE-2026-4256 | HIGH | 8.2 | Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: … | Jul 09, 2026 |
| CVE-2026-15186 | MEDIUM | 6.3 | A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The … | Jul 09, 2026 |
| CVE-2026-15185 | LOW | 3.3 | A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the … | Jul 09, 2026 |
| CVE-2026-14261 | CRITICAL | 9.1 | A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall … | Jul 09, 2026 |
| CVE-2026-12879 | UNKNOWN | — | An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to … | Jul 09, 2026 |
| CVE-2026-12593 | UNKNOWN | — | The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another … | Jul 09, 2026 |
| CVE-2026-12116 | CRITICAL | 9.8 | A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to … | Jul 09, 2026 |
| CVE-2026-15184 | LOW | 3.3 | A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG … | Jul 09, 2026 |
| CVE-2026-9253 | HIGH | 7.2 | The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all … | Jul 09, 2026 |
| CVE-2026-15182 | MEDIUM | 5.3 | A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component … | Jul 09, 2026 |
| CVE-2026-9240 | MEDIUM | 4.3 | The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … | Jul 09, 2026 |
| CVE-2026-9237 | MEDIUM | 4.3 | The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 09, 2026 |
| CVE-2026-9235 | MEDIUM | 4.3 | The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and … | Jul 09, 2026 |
| CVE-2026-9028 | MEDIUM | 5.3 | The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to … | Jul 09, 2026 |
| CVE-2026-9027 | MEDIUM | 5.3 | The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and … | Jul 09, 2026 |
| CVE-2026-9021 | MEDIUM | 5.3 | The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering … | Jul 09, 2026 |
| CVE-2026-59692 | HIGH | 7.5 | A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a … | Jul 09, 2026 |