Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6272 | UNKNOWN | — | A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. … | Apr 24, 2026 |
| CVE-2026-21728 | HIGH | 7.5 | Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can … | Apr 24, 2026 |
| CVE-2026-4078 | MEDIUM | 6.4 | The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including … | Apr 24, 2026 |
| CVE-2026-3569 | MEDIUM | 5.3 | The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API … | Apr 24, 2026 |
| CVE-2026-3565 | MEDIUM | 4.3 | The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing … | Apr 24, 2026 |
| CVE-2025-11762 | MEDIUM | 4.3 | The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, … | Apr 24, 2026 |
| CVE-2026-1952 | CRITICAL | 9.8 | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | Apr 24, 2026 |
| CVE-2026-1951 | CRITICAL | 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. | Apr 24, 2026 |
| CVE-2026-1950 | CRITICAL | 9.8 | Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability. | Apr 24, 2026 |
| CVE-2026-6810 | MEDIUM | 5.3 | The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the … | Apr 24, 2026 |
| CVE-2026-5428 | MEDIUM | 6.4 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to … | Apr 24, 2026 |
| CVE-2026-5364 | HIGH | 8.1 | The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, … | Apr 24, 2026 |
| CVE-2026-5347 | MEDIUM | 5.3 | The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence … | Apr 24, 2026 |
| CVE-2026-1949 | CRITICAL | 9.8 | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. | Apr 24, 2026 |
| CVE-2026-6947 | HIGH | 7.5 | DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform … | Apr 24, 2026 |
| CVE-2026-6393 | MEDIUM | 4.3 | The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check … | Apr 24, 2026 |
| CVE-2026-5488 | MEDIUM | 5.3 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is … | Apr 24, 2026 |
| CVE-2026-41485 | HIGH | 7.7 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` … | Apr 24, 2026 |
| CVE-2026-41430 | UNKNOWN | — | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected … | Apr 24, 2026 |
| CVE-2026-41324 | HIGH | 7.5 | basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings … | Apr 24, 2026 |
| CVE-2026-41323 | HIGH | 8.1 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically … | Apr 24, 2026 |
| CVE-2026-41319 | MEDIUM | 6.5 | MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle … | Apr 24, 2026 |
| CVE-2026-41318 | MEDIUM | 5.4 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's … | Apr 24, 2026 |
| CVE-2026-41068 | HIGH | 7.7 | Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by … | Apr 24, 2026 |
| CVE-2026-2028 | MEDIUM | 5.3 | The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in … | Apr 24, 2026 |