Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21903
Total
1562
Critical
6654
High
7000
Medium
CVE ID Severity Score Description Published
CVE-2026-12205 CRITICAL 9.1 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object … Jun 15, 2026
CVE-2026-5064 UNKNOWN Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial … Jun 15, 2026
CVE-2026-48714 CRITICAL 9.1 i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the … Jun 15, 2026
CVE-2026-48713 CRITICAL 9.1 Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed … Jun 15, 2026
CVE-2026-48157 MEDIUM 6.1 Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses … Jun 15, 2026
CVE-2026-48017 HIGH 8.8 DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into … Jun 15, 2026
CVE-2026-12087 UNKNOWN Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is … Jun 15, 2026
CVE-2026-11832 UNKNOWN Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which … Jun 15, 2026
CVE-2026-9691 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. Jun 15, 2026
CVE-2026-52703 CRITICAL 9.6 Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. Jun 15, 2026
CVE-2026-52702 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. Jun 15, 2026
CVE-2026-52700 HIGH 8.5 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. Jun 15, 2026
CVE-2026-52699 HIGH 7.5 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. Jun 15, 2026
CVE-2026-52697 HIGH 8.5 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. Jun 15, 2026
CVE-2026-52695 HIGH 7.5 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. Jun 15, 2026
CVE-2026-52694 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. Jun 15, 2026
CVE-2026-52693 CRITICAL 9.3 Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. Jun 15, 2026
CVE-2026-52692 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. Jun 15, 2026
CVE-2026-49781 CRITICAL 9.8 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. Jun 15, 2026
CVE-2026-49780 HIGH 8.8 Customer Privilege Escalation in Dokan <= 5.0.2 versions. Jun 15, 2026
CVE-2026-49776 CRITICAL 9.3 Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. Jun 15, 2026
CVE-2026-49775 MEDIUM 6.5 Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. Jun 15, 2026
CVE-2026-49773 MEDIUM 6.5 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. Jun 15, 2026
CVE-2026-49770 CRITICAL 9.8 Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. Jun 15, 2026
CVE-2026-49769 CRITICAL 9.8 Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. Jun 15, 2026