Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41642 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability … | May 07, 2026 |
| CVE-2026-3953 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), … | May 07, 2026 |
| CVE-2026-33589 | MEDIUM | 6.5 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the … | May 07, 2026 |
| CVE-2026-33588 | HIGH | 8.1 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the … | May 07, 2026 |
| CVE-2026-33587 | CRITICAL | 10.0 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container … | May 07, 2026 |
| CVE-2026-28201 | HIGH | 7.8 | An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to … | May 07, 2026 |
| CVE-2026-27415 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5. | May 07, 2026 |
| CVE-2026-6805 | UNKNOWN | — | Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline … | May 07, 2026 |
| CVE-2026-44407 | MEDIUM | 4.7 | A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service. | May 07, 2026 |
| CVE-2026-27421 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: … | May 07, 2026 |
| CVE-2026-27416 | MEDIUM | 5.3 | Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1. | May 07, 2026 |
| CVE-2026-27329 | MEDIUM | 5.3 | Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: … | May 07, 2026 |
| CVE-2026-25468 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects … | May 07, 2026 |
| CVE-2026-25436 | MEDIUM | 5.3 | Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before … | May 07, 2026 |
| CVE-2025-68604 | MEDIUM | 5.4 | Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3. | May 07, 2026 |
| CVE-2025-68060 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team … | May 07, 2026 |
| CVE-2025-66105 | MEDIUM | 5.3 | Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket … | May 07, 2026 |
| CVE-2025-62127 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo … | May 07, 2026 |
| CVE-2025-2514 | MEDIUM | 5.3 | Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage … | May 07, 2026 |
| CVE-2025-1978 | HIGH | 8.3 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, … | May 07, 2026 |
| CVE-2024-43384 | HIGH | 8.0 | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. | May 07, 2026 |
| CVE-2026-4430 | UNKNOWN | — | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, … | May 07, 2026 |
| CVE-2026-44406 | MEDIUM | 5.7 | ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, … | May 07, 2026 |
| CVE-2025-9661 | HIGH | 8.1 | OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects … | May 07, 2026 |
| CVE-2026-8063 | MEDIUM | 6.5 | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects … | May 07, 2026 |