Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57246 | HIGH | 7.8 | When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation … | Jul 08, 2026 |
| CVE-2026-57245 | HIGH | 7.8 | When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field … | Jul 08, 2026 |
| CVE-2026-57244 | HIGH | 7.8 | After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the … | Jul 08, 2026 |
| CVE-2026-57243 | MEDIUM | 6.1 | During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application … | Jul 08, 2026 |
| CVE-2026-57242 | HIGH | 7.8 | The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; … | Jul 08, 2026 |
| CVE-2026-57241 | MEDIUM | 6.1 | The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; … | Jul 08, 2026 |
| CVE-2026-57240 | HIGH | 7.8 | When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid … | Jul 08, 2026 |
| CVE-2026-57239 | HIGH | 8.2 | The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM. | Jul 08, 2026 |
| CVE-2026-57238 | HIGH | 7.8 | After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to … | Jul 08, 2026 |
| CVE-2026-57237 | HIGH | 7.8 | When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the … | Jul 08, 2026 |
| CVE-2026-56001 | HIGH | 8.5 | A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the … | Jul 08, 2026 |
| CVE-2026-56000 | UNKNOWN | — | Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a … | Jul 08, 2026 |
| CVE-2026-55999 | HIGH | 8.5 | Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a … | Jul 08, 2026 |
| CVE-2026-13129 | HIGH | 7.8 | When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form … | Jul 08, 2026 |
| CVE-2026-13128 | HIGH | 7.8 | Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document … | Jul 08, 2026 |
| CVE-2026-13127 | HIGH | 7.8 | The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, … | Jul 08, 2026 |
| CVE-2026-13126 | HIGH | 7.8 | The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up … | Jul 08, 2026 |
| CVE-2026-9695 | CRITICAL | 9.8 | An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server. | Jul 08, 2026 |
| CVE-2026-12378 | HIGH | 8.1 | The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing … | Jul 08, 2026 |
| CVE-2026-9731 | MEDIUM | 4.3 | The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to … | Jul 08, 2026 |
| CVE-2026-9700 | HIGH | 7.5 | The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to … | Jul 08, 2026 |
| CVE-2026-57895 | HIGH | 7.8 | Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in … | Jul 08, 2026 |
| CVE-2026-56437 | HIGH | 7.8 | Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the … | Jul 08, 2026 |
| CVE-2026-14500 | MEDIUM | 5.3 | The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due … | Jul 08, 2026 |
| CVE-2026-14495 | HIGH | 8.8 | The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists … | Jul 08, 2026 |