Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-12406 MEDIUM 5.3 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions … Jul 09, 2026
CVE-2026-12170 MEDIUM 6.4 The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' … Jul 09, 2026
CVE-2026-11359 MEDIUM 4.3 The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up … Jul 09, 2026
CVE-2026-47840 HIGH 7.5 A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP … Jul 09, 2026
CVE-2026-47831 HIGH 7.5 Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via … Jul 09, 2026
CVE-2026-47830 HIGH 8.8 Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service … Jul 09, 2026
CVE-2026-47829 HIGH 8.3 Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh … Jul 09, 2026
CVE-2026-47828 HIGH 7.1 During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without … Jul 09, 2026
CVE-2026-47826 HIGH 8.8 The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH … Jul 09, 2026
CVE-2026-12517 MEDIUM 5.3 The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, … Jul 09, 2026
CVE-2026-12516 MEDIUM 5.3 The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users … Jul 09, 2026
CVE-2026-12270 MEDIUM 6.5 The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check … Jul 09, 2026
CVE-2026-11875 MEDIUM 5.3 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it … Jul 09, 2026
CVE-2026-11869 MEDIUM 5.3 The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request … Jul 09, 2026
CVE-2026-11571 HIGH 7.5 The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the … Jul 09, 2026
CVE-2026-5523 HIGH 8.8 The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the update_user() … Jul 09, 2026
CVE-2026-41857 HIGH 7.8 A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs … Jul 09, 2026
CVE-2026-15138 MEDIUM 6.3 A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of … Jul 09, 2026
CVE-2026-47646 CRITICAL 9.3 Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network. Jul 09, 2026
CVE-2026-15137 HIGH 7.3 A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument … Jul 09, 2026
CVE-2026-15135 HIGH 7.3 A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of … Jul 09, 2026
CVE-2026-15134 HIGH 7.3 A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing … Jul 09, 2026
CVE-2026-59723 HIGH 8.8 Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the … Jul 08, 2026
CVE-2026-54784 HIGH 7.4 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose … Jul 08, 2026
CVE-2026-54783 HIGH 7.4 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and … Jul 08, 2026