Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671 | Critical: 727 | High: 3077 | Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7252 | HIGH | 8.1 | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion … | May 07, 2026 |
| CVE-2026-6692 | HIGH | 8.8 | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is … | May 07, 2026 |
| CVE-2026-4348 | HIGH | 7.5 | The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, … | May 07, 2026 |
| CVE-2026-41641 | HIGH | 7.2 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL … | May 07, 2026 |
| CVE-2026-41586 | UNKNOWN | — | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() … | May 07, 2026 |
| CVE-2026-41413 | MEDIUM | 5.0 | Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a … | May 07, 2026 |
| CVE-2026-41143 | HIGH | 8.8 | YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. … | May 07, 2026 |
| CVE-2026-41139 | HIGH | 8.8 | Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression … | May 07, 2026 |
| CVE-2026-6214 | MEDIUM | 6.5 | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function … | May 07, 2026 |
| CVE-2026-44603 | LOW | 3.7 | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. | May 07, 2026 |
| CVE-2026-44602 | LOW | 3.7 | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | May 07, 2026 |
| CVE-2026-44601 | LOW | 3.7 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. | May 07, 2026 |
| CVE-2026-42217 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to … | May 07, 2026 |
| CVE-2026-42216 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to … | May 07, 2026 |
| CVE-2026-42194 | MEDIUM | 6.8 | Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes … | May 07, 2026 |
| CVE-2026-41891 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version … | May 07, 2026 |
| CVE-2026-41890 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version … | May 07, 2026 |
| CVE-2026-41675 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41674 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41673 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41672 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41671 | MEDIUM | 6.8 | Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every request, regardless … | May 07, 2026 |
| CVE-2026-41670 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from … | May 07, 2026 |
| CVE-2026-41669 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method … | May 07, 2026 |
| CVE-2026-41663 | LOW | 3.5 | Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire … | May 07, 2026 |