Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56217 | MEDIUM | 4.3 | Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers … | Jul 08, 2026 |
| CVE-2026-56086 | HIGH | 8.8 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 08, 2026 |
| CVE-2026-54061 | CRITICAL | 9.1 | Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public … | Jul 08, 2026 |
| CVE-2026-53482 | HIGH | 7.5 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 08, 2026 |
| CVE-2026-53480 | LOW | 2.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 08, 2026 |
| CVE-2026-44840 | HIGH | 7.5 | Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPassword` GraphQL query in Dgraph is vulnerable to DQL (Dgraph Query Language) … | Jul 08, 2026 |
| CVE-2026-41122 | HIGH | 7.1 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through … | Jul 08, 2026 |
| CVE-2026-22927 | HIGH | 7.8 | Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | Jul 08, 2026 |
| CVE-2026-15053 | HIGH | 7.5 | Tanium addressed a denial of service vulnerability in Tanium Server. | Jul 08, 2026 |
| CVE-2026-15035 | MEDIUM | 5.3 | A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. … | Jul 08, 2026 |
| CVE-2026-15034 | MEDIUM | 4.3 | A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request … | Jul 08, 2026 |
| CVE-2026-15033 | MEDIUM | 6.3 | A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the … | Jul 08, 2026 |
| CVE-2026-8315 | MEDIUM | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: … | Jul 08, 2026 |
| CVE-2026-8310 | MEDIUM | 6.1 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: … | Jul 08, 2026 |
| CVE-2026-8307 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects … | Jul 08, 2026 |
| CVE-2026-6820 | HIGH | 7.2 | The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in all versions up to, … | Jul 08, 2026 |
| CVE-2026-6740 | MEDIUM | 6.4 | The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter … | Jul 08, 2026 |
| CVE-2026-6459 | MEDIUM | 6.4 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget … | Jul 08, 2026 |
| CVE-2026-5459 | MEDIUM | 5.3 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in … | Jul 08, 2026 |
| CVE-2026-5356 | HIGH | 7.5 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and … | Jul 08, 2026 |
| CVE-2026-14454 | UNKNOWN | — | Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as … | Jul 08, 2026 |
| CVE-2026-12002 | MEDIUM | 4.7 | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, … | Jul 08, 2026 |
| CVE-2026-6854 | HIGH | 7.5 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'mc_auth' parameter in all versions up … | Jul 08, 2026 |
| CVE-2026-6818 | HIGH | 7.2 | The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'special_requests' parameter in all versions up to, … | Jul 08, 2026 |
| CVE-2026-6742 | MEDIUM | 6.4 | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due … | Jul 08, 2026 |