Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10192
Total
692
Critical
2939
High
3205
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41970 | MEDIUM | 6.8 | Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41969 | MEDIUM | 6.2 | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41968 | MEDIUM | 5.9 | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41967 | MEDIUM | 5.9 | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41966 | MEDIUM | 5.6 | Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41965 | MEDIUM | 5.6 | Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41964 | HIGH | 8.4 | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41963 | LOW | 2.8 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41962 | LOW | 3.6 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41961 | MEDIUM | 5.9 | Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41960 | MEDIUM | 5.8 | Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-8425 | MEDIUM | 4.3 | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing … | May 15, 2026 |
| CVE-2026-8398 | CRITICAL | 9.8 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between … | May 15, 2026 |
| CVE-2026-7563 | MEDIUM | 4.3 | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and … | May 15, 2026 |
| CVE-2026-7046 | MEDIUM | 4.9 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions … | May 15, 2026 |
| CVE-2026-6415 | MEDIUM | 6.4 | The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due … | May 15, 2026 |
| CVE-2026-6403 | HIGH | 7.5 | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation … | May 15, 2026 |
| CVE-2026-6228 | HIGH | 8.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient … | May 15, 2026 |
| CVE-2026-5229 | CRITICAL | 9.8 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting … | May 15, 2026 |
| CVE-2026-4683 | MEDIUM | 6.5 | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST … | May 15, 2026 |
| CVE-2026-44088 | UNKNOWN | — | SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader … | May 15, 2026 |
| CVE-2026-8654 | UNKNOWN | — | Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host. | May 15, 2026 |
| CVE-2026-6646 | MEDIUM | 6.4 | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is … | May 15, 2026 |
| CVE-2026-4094 | HIGH | 8.1 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the … | May 15, 2026 |
| CVE-2026-41702 | HIGH | 7.8 | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user … | May 15, 2026 |