Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-5005 MEDIUM 5.4 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored … Jul 09, 2026
CVE-2026-56292 UNKNOWN A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. Jul 09, 2026
CVE-2026-54801 HIGH 7.2 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient … Jul 09, 2026
CVE-2026-54800 MEDIUM 4.8 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with … Jul 09, 2026
CVE-2026-54799 MEDIUM 6.7 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a … Jul 09, 2026
CVE-2026-54798 MEDIUM 6.5 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a … Jul 09, 2026
CVE-2026-60095 MEDIUM 6.5 Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers … Jul 09, 2026
CVE-2026-60094 MEDIUM 6.5 Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by … Jul 09, 2026
CVE-2026-4256 HIGH 8.2 Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: … Jul 09, 2026
CVE-2026-15186 MEDIUM 6.3 A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The … Jul 09, 2026
CVE-2026-15185 LOW 3.3 A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the … Jul 09, 2026
CVE-2026-14261 CRITICAL 9.1 A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall … Jul 09, 2026
CVE-2026-12879 UNKNOWN An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to … Jul 09, 2026
CVE-2026-12593 UNKNOWN The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another … Jul 09, 2026
CVE-2026-12116 CRITICAL 9.8 A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to … Jul 09, 2026
CVE-2026-15184 LOW 3.3 A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG … Jul 09, 2026
CVE-2026-9253 HIGH 7.2 The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all … Jul 09, 2026
CVE-2026-15182 MEDIUM 5.3 A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component … Jul 09, 2026
CVE-2026-9240 MEDIUM 4.3 The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … Jul 09, 2026
CVE-2026-9237 MEDIUM 4.3 The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … Jul 09, 2026
CVE-2026-9235 MEDIUM 4.3 The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and … Jul 09, 2026
CVE-2026-9028 MEDIUM 5.3 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to … Jul 09, 2026
CVE-2026-9027 MEDIUM 5.3 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and … Jul 09, 2026
CVE-2026-9021 MEDIUM 5.3 The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering … Jul 09, 2026
CVE-2026-59692 HIGH 7.5 A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a … Jul 09, 2026