CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43079 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is … | May 06, 2026 |
| CVE-2026-43078 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to … | May 06, 2026 |
| CVE-2026-43077 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Fix minimum RX size check for decryption The check for the minimum … | May 06, 2026 |
| CVE-2026-43076 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() … | May 06, 2026 |
| CVE-2026-43075 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in … | May 06, 2026 |
| CVE-2026-43074 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c … | May 06, 2026 |
| CVE-2026-42509 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from … | May 06, 2026 |
| CVE-2026-40010 | CRITICAL | 9.1 | Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue … | May 06, 2026 |
| CVE-2026-40001 | MEDIUM | 5.2 | There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, … | May 06, 2026 |
| CVE-2026-35255 | MEDIUM | 6.6 | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily … | May 06, 2026 |
| CVE-2026-1719 | HIGH | 7.5 | The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on … | May 06, 2026 |
| CVE-2026-7841 | HIGH | 8.8 | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on … | May 06, 2026 |
| CVE-2026-7457 | MEDIUM | 6.4 | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input … | May 06, 2026 |
| CVE-2026-7448 | HIGH | 7.2 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all … | May 06, 2026 |
| CVE-2026-7332 | HIGH | 7.2 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all … | May 06, 2026 |
| CVE-2026-6672 | MEDIUM | 6.4 | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and … | May 06, 2026 |
| CVE-2026-6344 | MEDIUM | 4.9 | The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path … | May 06, 2026 |
| CVE-2026-35254 | MEDIUM | 6.1 | Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated … | May 06, 2026 |
| CVE-2026-35253 | MEDIUM | 4.7 | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated … | May 06, 2026 |
| CVE-2026-23928 | UNKNOWN | — | The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This … | May 06, 2026 |
| CVE-2026-23927 | UNKNOWN | — | A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 … | May 06, 2026 |
| CVE-2026-23926 | UNKNOWN | — | An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance … | May 06, 2026 |
| CVE-2026-2306 | MEDIUM | 4.3 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the … | May 06, 2026 |
| CVE-2026-5753 | MEDIUM | 6.5 | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to … | May 06, 2026 |
| CVE-2026-3208 | MEDIUM | 5.3 | The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' … | May 06, 2026 |