Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42648 | MEDIUM | 4.3 | Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through <= 2.19.22. | Apr 29, 2026 |
| CVE-2026-42646 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: … | Apr 29, 2026 |
| CVE-2026-42645 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This … | Apr 29, 2026 |
| CVE-2026-42644 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a … | Apr 29, 2026 |
| CVE-2026-42643 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS. This issue affects Image Widget: from n/a … | Apr 29, 2026 |
| CVE-2026-42642 | MEDIUM | 5.3 | Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 4.14.5. | Apr 29, 2026 |
| CVE-2026-42641 | MEDIUM | 5.4 | Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery. This issue affects Share This Image: from n/a through <= … | Apr 29, 2026 |
| CVE-2026-42249 | UNKNOWN | — | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, … | Apr 29, 2026 |
| CVE-2026-42248 | UNKNOWN | — | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine … | Apr 29, 2026 |
| CVE-2026-2902 | MEDIUM | 6.1 | The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all … | Apr 29, 2026 |
| CVE-2026-22745 | MEDIUM | 5.3 | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all … | Apr 29, 2026 |
| CVE-2026-22741 | LOW | 3.1 | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following … | Apr 29, 2026 |
| CVE-2026-22740 | MEDIUM | 6.5 | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not … | Apr 29, 2026 |
| CVE-2026-4019 | MEDIUM | 5.3 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is … | Apr 29, 2026 |
| CVE-2026-42518 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit … | Apr 29, 2026 |
| CVE-2026-42517 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by … | Apr 29, 2026 |
| CVE-2026-42516 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in … | Apr 29, 2026 |
| CVE-2026-42515 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in … | Apr 29, 2026 |
| CVE-2026-42514 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API … | Apr 29, 2026 |
| CVE-2026-42513 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit … | Apr 29, 2026 |
| CVE-2026-42412 | MEDIUM | 6.5 | Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through … | Apr 29, 2026 |
| CVE-2026-3325 | UNKNOWN | — | SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user … | Apr 29, 2026 |
| CVE-2025-10503 | MEDIUM | 6.1 | The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of … | Apr 29, 2026 |
| CVE-2026-42377 | HIGH | 7.3 | Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0. | Apr 29, 2026 |
| CVE-2026-35155 | HIGH | 7.1 | Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to … | Apr 29, 2026 |