Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10110 | Critical: 681 | High: 2907 | Medium: 3176
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8719 | HIGH | 8.8 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is … | May 17, 2026 |
| CVE-2026-8725 | HIGH | 7.3 | A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component … | May 17, 2026 |
| CVE-2026-8724 | MEDIUM | 4.7 | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation … | May 17, 2026 |
| CVE-2026-8723 | MEDIUM | 5.3 | `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and … | May 17, 2026 |
| CVE-2026-6050 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | May 16, 2026 |
| CVE-2026-46728 | HIGH | 8.2 | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. | May 16, 2026 |
| CVE-2021-47981 | MEDIUM | 5.4 | Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the … | May 16, 2026 |
| CVE-2021-47980 | HIGH | 7.1 | Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter … | May 16, 2026 |
| CVE-2021-47979 | HIGH | 8.8 | WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. … | May 16, 2026 |
| CVE-2021-47978 | MEDIUM | 6.2 | ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send … | May 16, 2026 |
| CVE-2021-47977 | HIGH | 7.5 | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file … | May 16, 2026 |
| CVE-2021-47976 | HIGH | 8.8 | TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers … | May 16, 2026 |
| CVE-2021-47975 | HIGH | 7.2 | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit … | May 16, 2026 |
| CVE-2021-47974 | HIGH | 7.8 | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate … | May 16, 2026 |
| CVE-2021-47973 | HIGH | 7.5 | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note … | May 16, 2026 |
| CVE-2021-47972 | HIGH | 7.5 | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long … | May 16, 2026 |
| CVE-2021-47971 | HIGH | 7.5 | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note … | May 16, 2026 |
| CVE-2021-47970 | HIGH | 7.5 | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers … | May 16, 2026 |
| CVE-2021-47969 | HIGH | 7.5 | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. … | May 16, 2026 |
| CVE-2021-47957 | MEDIUM | 6.4 | Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar … | May 16, 2026 |
| CVE-2021-47956 | HIGH | 8.2 | EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers … | May 16, 2026 |
| CVE-2021-47955 | MEDIUM | 5.4 | CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. … | May 16, 2026 |
| CVE-2021-47954 | HIGH | 8.2 | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can … | May 16, 2026 |
| CVE-2021-47952 | CRITICAL | 9.8 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. … | May 16, 2026 |
| CVE-2021-47942 | HIGH | 7.5 | Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ … | May 16, 2026 |