Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-66170 | UNKNOWN | — | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |
| CVE-2022-50994 | HIGH | 8.1 | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to … | May 08, 2026 |
| CVE-2026-8153 | CRITICAL | 9.8 | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code … | May 08, 2026 |
| CVE-2026-8076 | UNKNOWN | — | Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system … | May 08, 2026 |
| CVE-2026-3318 | UNKNOWN | — | Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter … | May 08, 2026 |
| CVE-2026-7650 | MEDIUM | 6.4 | The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode … | May 08, 2026 |
| CVE-2026-7475 | MEDIUM | 6.4 | The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, … | May 08, 2026 |
| CVE-2026-6213 | UNKNOWN | — | A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and achieve arbitrary code execution as root … | May 08, 2026 |
| CVE-2026-5341 | MEDIUM | 6.4 | The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, … | May 08, 2026 |
| CVE-2026-7330 | HIGH | 7.2 | The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient … | May 08, 2026 |
| CVE-2026-5127 | HIGH | 8.8 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in … | May 08, 2026 |
| CVE-2026-44928 | LOW | 2.9 | In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. | May 08, 2026 |
| CVE-2026-44927 | LOW | 2.9 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. | May 08, 2026 |
| CVE-2026-43284 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a … | May 08, 2026 |
| CVE-2013-10075 | UNKNOWN | — | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can … | May 08, 2026 |
| CVE-2026-8149 | UNKNOWN | — | A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. … | May 08, 2026 |
| CVE-2026-8069 | UNKNOWN | — | PredatorSense versions 3.00.3136 to 3.00.3196 contain a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal … | May 08, 2026 |
| CVE-2026-4935 | HIGH | 8.6 | The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow … | May 08, 2026 |
| CVE-2026-44916 | LOW | 3.0 | In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing. | May 08, 2026 |
| CVE-2025-69691 | UNKNOWN | — | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available … | May 08, 2026 |
| CVE-2025-69690 | UNKNOWN | — | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. … | May 08, 2026 |
| CVE-2025-69599 | UNKNOWN | — | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is … | May 08, 2026 |
| CVE-2025-67888 | HIGH | 7.3 | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter … | May 08, 2026 |
| CVE-2025-67887 | UNKNOWN | — | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a … | May 08, 2026 |
| CVE-2025-67886 | UNKNOWN | — | Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a … | May 08, 2026 |