Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12205 | CRITICAL | 9.1 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object … | Jun 15, 2026 |
| CVE-2026-5064 | UNKNOWN | — | Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial … | Jun 15, 2026 |
| CVE-2026-48714 | CRITICAL | 9.1 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the … | Jun 15, 2026 |
| CVE-2026-48713 | CRITICAL | 9.1 | Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed … | Jun 15, 2026 |
| CVE-2026-48157 | MEDIUM | 6.1 | Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses … | Jun 15, 2026 |
| CVE-2026-48017 | HIGH | 8.8 | DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into … | Jun 15, 2026 |
| CVE-2026-12087 | UNKNOWN | — | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is … | Jun 15, 2026 |
| CVE-2026-11832 | UNKNOWN | — | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which … | Jun 15, 2026 |
| CVE-2026-9691 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | Jun 15, 2026 |
| CVE-2026-52703 | CRITICAL | 9.6 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | Jun 15, 2026 |
| CVE-2026-52702 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | Jun 15, 2026 |
| CVE-2026-52700 | HIGH | 8.5 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | Jun 15, 2026 |
| CVE-2026-52699 | HIGH | 7.5 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | Jun 15, 2026 |
| CVE-2026-52697 | HIGH | 8.5 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | Jun 15, 2026 |
| CVE-2026-52695 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | Jun 15, 2026 |
| CVE-2026-52694 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | Jun 15, 2026 |
| CVE-2026-52693 | CRITICAL | 9.3 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | Jun 15, 2026 |
| CVE-2026-52692 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | Jun 15, 2026 |
| CVE-2026-49781 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | Jun 15, 2026 |
| CVE-2026-49780 | HIGH | 8.8 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. | Jun 15, 2026 |
| CVE-2026-49776 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | Jun 15, 2026 |
| CVE-2026-49775 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | Jun 15, 2026 |
| CVE-2026-49773 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | Jun 15, 2026 |
| CVE-2026-49770 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | Jun 15, 2026 |
| CVE-2026-49769 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | Jun 15, 2026 |