Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20806
Total
1504
Critical
6313
High
6591
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8330 | MEDIUM | 4.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-5952 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-5796 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-5309 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-3176 | LOW | 3.1 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-2238 | MEDIUM | 5.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-1606 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-13311 | HIGH | 7.5 | shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every … | Jun 25, 2026 |
| CVE-2026-12635 | NONE | — | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-12053 | HIGH | 8.6 | GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to … | Jun 25, 2026 |
| CVE-2026-11379 | MEDIUM | 5.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 … | Jun 25, 2026 |
| CVE-2026-10712 | HIGH | 8.0 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-10086 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-0934 | LOW | 3.8 | GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain … | Jun 25, 2026 |
| CVE-2026-2508 | MEDIUM | 6.5 | The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staff_id’ parameter in all versions up to, and including, 2.7.1 … | Jun 25, 2026 |
| CVE-2026-12079 | MEDIUM | 6.5 | The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due … | Jun 25, 2026 |
| CVE-2026-12077 | HIGH | 7.5 | The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and … | Jun 25, 2026 |
| CVE-2026-10833 | MEDIUM | 6.4 | The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block … | Jun 25, 2026 |
| CVE-2026-8662 | LOW | 3.3 | Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted … | Jun 25, 2026 |
| CVE-2026-8658 | MEDIUM | 6.0 | OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters … | Jun 25, 2026 |
| CVE-2026-8666 | HIGH | 7.7 | OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the … | Jun 25, 2026 |
| CVE-2026-8665 | HIGH | 7.7 | OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the … | Jun 25, 2026 |
| CVE-2026-8664 | MEDIUM | 6.0 | OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters … | Jun 25, 2026 |
| CVE-2026-8660 | HIGH | 7.7 | OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the … | Jun 25, 2026 |
| CVE-2026-8592 | HIGH | 7.7 | OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the … | Jun 25, 2026 |