Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12406 | MEDIUM | 5.3 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions … | Jul 09, 2026 |
| CVE-2026-12170 | MEDIUM | 6.4 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' … | Jul 09, 2026 |
| CVE-2026-11359 | MEDIUM | 4.3 | The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up … | Jul 09, 2026 |
| CVE-2026-47840 | HIGH | 7.5 | A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP … | Jul 09, 2026 |
| CVE-2026-47831 | HIGH | 7.5 | Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via … | Jul 09, 2026 |
| CVE-2026-47830 | HIGH | 8.8 | Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service … | Jul 09, 2026 |
| CVE-2026-47829 | HIGH | 8.3 | Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh … | Jul 09, 2026 |
| CVE-2026-47828 | HIGH | 7.1 | During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without … | Jul 09, 2026 |
| CVE-2026-47826 | HIGH | 8.8 | The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH … | Jul 09, 2026 |
| CVE-2026-12517 | MEDIUM | 5.3 | The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, … | Jul 09, 2026 |
| CVE-2026-12516 | MEDIUM | 5.3 | The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users … | Jul 09, 2026 |
| CVE-2026-12270 | MEDIUM | 6.5 | The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check … | Jul 09, 2026 |
| CVE-2026-11875 | MEDIUM | 5.3 | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it … | Jul 09, 2026 |
| CVE-2026-11869 | MEDIUM | 5.3 | The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request … | Jul 09, 2026 |
| CVE-2026-11571 | HIGH | 7.5 | The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the … | Jul 09, 2026 |
| CVE-2026-5523 | HIGH | 8.8 | The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the update_user() … | Jul 09, 2026 |
| CVE-2026-41857 | HIGH | 7.8 | A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs … | Jul 09, 2026 |
| CVE-2026-15138 | MEDIUM | 6.3 | A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of … | Jul 09, 2026 |
| CVE-2026-47646 | CRITICAL | 9.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network. | Jul 09, 2026 |
| CVE-2026-15137 | HIGH | 7.3 | A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument … | Jul 09, 2026 |
| CVE-2026-15135 | HIGH | 7.3 | A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of … | Jul 09, 2026 |
| CVE-2026-15134 | HIGH | 7.3 | A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing … | Jul 09, 2026 |
| CVE-2026-59723 | HIGH | 8.8 | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the … | Jul 08, 2026 |
| CVE-2026-54784 | HIGH | 7.4 | CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose … | Jul 08, 2026 |
| CVE-2026-54783 | HIGH | 7.4 | CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and … | Jul 08, 2026 |