Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-59691 | HIGH | 7.1 | A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer … | Jul 09, 2026 |
| CVE-2026-58307 | MEDIUM | 6.1 | Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. | Jul 09, 2026 |
| CVE-2026-58306 | MEDIUM | 6.1 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98. | Jul 09, 2026 |
| CVE-2026-58305 | MEDIUM | 6.1 | Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | Jul 09, 2026 |
| CVE-2026-58304 | MEDIUM | 6.1 | Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | Jul 09, 2026 |
| CVE-2026-58303 | MEDIUM | 6.1 | Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e. | Jul 09, 2026 |
| CVE-2026-56291 | UNKNOWN | — | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | Jul 09, 2026 |
| CVE-2026-56289 | UNKNOWN | — | GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in … | Jul 09, 2026 |
| CVE-2026-56288 | UNKNOWN | — | GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can … | Jul 09, 2026 |
| CVE-2026-50644 | UNKNOWN | — | SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form … | Jul 09, 2026 |
| CVE-2026-4298 | MEDIUM | 4.3 | The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is … | Jul 09, 2026 |
| CVE-2026-4275 | HIGH | 8.8 | The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … | Jul 09, 2026 |
| CVE-2026-14372 | HIGH | 7.1 | The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion … | Jul 09, 2026 |
| CVE-2026-13441 | HIGH | 7.2 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_event_type_background_color' parameter in all versions up … | Jul 09, 2026 |
| CVE-2026-12590 | LOW | 3.7 | Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such … | Jul 09, 2026 |
| CVE-2026-12428 | MEDIUM | 6.5 | The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function … | Jul 09, 2026 |
| CVE-2026-5955 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue … | Jul 09, 2026 |
| CVE-2026-5793 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: … | Jul 09, 2026 |
| CVE-2026-56460 | MEDIUM | 6.5 | HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks … | Jul 09, 2026 |
| CVE-2026-56459 | MEDIUM | 6.2 | HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read … | Jul 09, 2026 |
| CVE-2026-56458 | MEDIUM | 5.4 | HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain … | Jul 09, 2026 |
| CVE-2026-2342 | CRITICAL | 9.3 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through … | Jul 09, 2026 |
| CVE-2026-1989 | HIGH | 7.5 | Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through … | Jul 09, 2026 |
| CVE-2026-1365 | MEDIUM | 6.5 | Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The … | Jul 09, 2026 |
| CVE-2026-15158 | CRITICAL | 9.8 | The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This … | Jul 09, 2026 |