Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33261 | MEDIUM | 5.9 | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | Apr 22, 2026 |
| CVE-2026-33260 | MEDIUM | 5.3 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal … | Apr 22, 2026 |
| CVE-2026-33259 | MEDIUM | 5.0 | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent … | Apr 22, 2026 |
| CVE-2026-33258 | MEDIUM | 5.3 | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | Apr 22, 2026 |
| CVE-2026-33257 | MEDIUM | 5.3 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal … | Apr 22, 2026 |
| CVE-2026-33256 | MEDIUM | 5.3 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal … | Apr 22, 2026 |
| CVE-2026-1930 | MEDIUM | 4.3 | The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions … | Apr 22, 2026 |
| CVE-2026-1913 | MEDIUM | 6.4 | The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, … | Apr 22, 2026 |
| CVE-2026-1395 | MEDIUM | 6.4 | The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, … | Apr 22, 2026 |
| CVE-2026-6846 | HIGH | 7.8 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. … | Apr 22, 2026 |
| CVE-2026-6845 | MEDIUM | 5.0 | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by … | Apr 22, 2026 |
| CVE-2026-6844 | MEDIUM | 5.5 | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing … | Apr 22, 2026 |
| CVE-2026-6843 | MEDIUM | 5.5 | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a … | Apr 22, 2026 |
| CVE-2026-6396 | MEDIUM | 4.3 | The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is … | Apr 22, 2026 |
| CVE-2026-6294 | MEDIUM | 4.3 | The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing … | Apr 22, 2026 |
| CVE-2026-6246 | MEDIUM | 6.4 | The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions … | Apr 22, 2026 |
| CVE-2026-6236 | MEDIUM | 6.4 | The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 … | Apr 22, 2026 |
| CVE-2026-6235 | CRITICAL | 9.8 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This … | Apr 22, 2026 |
| CVE-2026-6041 | MEDIUM | 4.4 | The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and … | Apr 22, 2026 |
| CVE-2026-5820 | MEDIUM | 6.4 | The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, … | Apr 22, 2026 |
| CVE-2026-5767 | MEDIUM | 6.4 | The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 … | Apr 22, 2026 |
| CVE-2026-5748 | MEDIUM | 6.4 | The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 … | Apr 22, 2026 |
| CVE-2026-4353 | MEDIUM | 6.4 | The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up … | Apr 22, 2026 |
| CVE-2026-4280 | MEDIUM | 6.5 | The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to … | Apr 22, 2026 |
| CVE-2026-4279 | MEDIUM | 6.4 | The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. … | Apr 22, 2026 |