Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-59691 HIGH 7.1 A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer … Jul 09, 2026
CVE-2026-58307 MEDIUM 6.1 Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. Jul 09, 2026
CVE-2026-58306 MEDIUM 6.1 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98. Jul 09, 2026
CVE-2026-58305 MEDIUM 6.1 Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. Jul 09, 2026
CVE-2026-58304 MEDIUM 6.1 Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. Jul 09, 2026
CVE-2026-58303 MEDIUM 6.1 Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e. Jul 09, 2026
CVE-2026-56291 UNKNOWN The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. Jul 09, 2026
CVE-2026-56289 UNKNOWN GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in … Jul 09, 2026
CVE-2026-56288 UNKNOWN GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can … Jul 09, 2026
CVE-2026-50644 UNKNOWN SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form … Jul 09, 2026
CVE-2026-4298 MEDIUM 4.3 The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is … Jul 09, 2026
CVE-2026-4275 HIGH 8.8 The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … Jul 09, 2026
CVE-2026-14372 HIGH 7.1 The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion … Jul 09, 2026
CVE-2026-13441 HIGH 7.2 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_event_type_background_color' parameter in all versions up … Jul 09, 2026
CVE-2026-12590 LOW 3.7 Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such … Jul 09, 2026
CVE-2026-12428 MEDIUM 6.5 The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_all_values() function … Jul 09, 2026
CVE-2026-5955 CRITICAL 9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue … Jul 09, 2026
CVE-2026-5793 MEDIUM 6.1 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: … Jul 09, 2026
CVE-2026-56460 MEDIUM 6.5 HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks … Jul 09, 2026
CVE-2026-56459 MEDIUM 6.2 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read … Jul 09, 2026
CVE-2026-56458 MEDIUM 5.4 HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain … Jul 09, 2026
CVE-2026-2342 CRITICAL 9.3 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through … Jul 09, 2026
CVE-2026-1989 HIGH 7.5 Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through … Jul 09, 2026
CVE-2026-1365 MEDIUM 6.5 Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The … Jul 09, 2026
CVE-2026-15158 CRITICAL 9.8 The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This … Jul 09, 2026