Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33999 | HIGH | 7.8 | A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local … | Apr 23, 2026 |
| CVE-2026-23751 | CRITICAL | 9.8 | Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 … | Apr 23, 2026 |
| CVE-2025-62373 | CRITICAL | 9.8 | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an … | Apr 23, 2026 |
| CVE-2025-50229 | UNKNOWN | — | Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. | Apr 23, 2026 |
| CVE-2026-41461 | HIGH | 8.5 | SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter … | Apr 23, 2026 |
| CVE-2026-41460 | CRITICAL | 9.8 | SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized … | Apr 23, 2026 |
| CVE-2026-35225 | UNKNOWN | — | An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections. | Apr 23, 2026 |
| CVE-2025-70994 | HIGH | 7.3 | Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF … | Apr 23, 2026 |
| CVE-2026-39440 | CRITICAL | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1. | Apr 23, 2026 |
| CVE-2025-66286 | MEDIUM | 4.7 | An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect … | Apr 23, 2026 |
| CVE-2025-13763 | MEDIUM | 5.7 | Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device … | Apr 23, 2026 |
| CVE-2026-31532 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), … | Apr 23, 2026 |
| CVE-2026-31531 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the … | Apr 23, 2026 |
| CVE-2026-28040 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS. This issue affects Taxi … | Apr 23, 2026 |
| CVE-2025-62110 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a … | Apr 23, 2026 |
| CVE-2025-62104 | MEDIUM | 4.3 | Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACF Galerie 4: from n/a through … | Apr 23, 2026 |
| CVE-2026-6903 | HIGH | 7.5 | The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability … | Apr 23, 2026 |
| CVE-2026-6887 | CRITICAL | 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL … | Apr 23, 2026 |
| CVE-2026-6886 | CRITICAL | 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the … | Apr 23, 2026 |
| CVE-2026-6885 | CRITICAL | 9.8 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and … | Apr 23, 2026 |
| CVE-2026-5464 | HIGH | 7.2 | The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all … | Apr 23, 2026 |
| CVE-2026-3960 | MEDIUM | 5.9 | A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to … | Apr 23, 2026 |
| CVE-2026-3259 | UNKNOWN | — | A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated … | Apr 23, 2026 |
| CVE-2026-41564 | HIGH | 7.5 | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed … | Apr 23, 2026 |
| CVE-2026-4512 | LOW | 3.5 | The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context … | Apr 23, 2026 |