Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2023-54345 | HIGH | 8.8 | Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting … | May 05, 2026 |
| CVE-2023-54344 | CRITICAL | 9.8 | Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the … | May 05, 2026 |
| CVE-2023-54342 | CRITICAL | 9.8 | Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code … | May 05, 2026 |
| CVE-2026-6322 | HIGH | 7.5 | fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed … | May 05, 2026 |
| CVE-2025-42611 | MEDIUM | 6.5 | RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, … | May 05, 2026 |
| CVE-2026-43870 | UNKNOWN | — | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), … | May 05, 2026 |
| CVE-2026-43868 | MEDIUM | 5.3 | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, … | May 05, 2026 |
| CVE-2026-3601 | MEDIUM | 4.3 | The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function … | May 05, 2026 |
| CVE-2026-3359 | HIGH | 7.5 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter … | May 05, 2026 |
| CVE-2026-43869 | UNKNOWN | — | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version … | May 05, 2026 |
| CVE-2026-7824 | UNKNOWN | — | An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials … | May 05, 2026 |
| CVE-2026-6418 | UNKNOWN | — | An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path … | May 05, 2026 |
| CVE-2026-6180 | UNKNOWN | — | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order … | May 05, 2026 |
| CVE-2026-5192 | HIGH | 7.5 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and … | May 05, 2026 |
| CVE-2026-40797 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: … | May 05, 2026 |
| CVE-2026-3454 | MEDIUM | 6.5 | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing … | May 05, 2026 |
| CVE-2026-2729 | MEDIUM | 5.3 | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not … | May 05, 2026 |
| CVE-2026-7823 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable … | May 05, 2026 |
| CVE-2026-7822 | MEDIUM | 6.3 | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids … | May 05, 2026 |
| CVE-2026-7812 | HIGH | 7.3 | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP … | May 05, 2026 |
| CVE-2026-7811 | HIGH | 7.3 | A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component … | May 05, 2026 |
| CVE-2026-4362 | MEDIUM | 6.5 | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in … | May 05, 2026 |
| CVE-2026-7810 | HIGH | 7.3 | A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. … | May 05, 2026 |
| CVE-2026-5957 | MEDIUM | 6.5 | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed … | May 05, 2026 |
| CVE-2026-5294 | CRITICAL | 9.8 | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX … | May 05, 2026 |