Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2719 | MEDIUM | 4.4 | The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. … | Apr 22, 2026 |
| CVE-2026-2717 | MEDIUM | 5.5 | The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization … | Apr 22, 2026 |
| CVE-2026-2714 | MEDIUM | 4.4 | The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, … | Apr 22, 2026 |
| CVE-2026-1845 | MEDIUM | 5.5 | The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due … | Apr 22, 2026 |
| CVE-2026-1379 | MEDIUM | 4.4 | The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to … | Apr 22, 2026 |
| CVE-2026-6842 | LOW | 2.5 | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for … | Apr 22, 2026 |
| CVE-2026-6023 | HIGH | 8.1 | In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state … | Apr 22, 2026 |
| CVE-2026-6022 | HIGH | 7.5 | In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum … | Apr 22, 2026 |
| CVE-2026-40542 | HIGH | 7.3 | Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. … | Apr 22, 2026 |
| CVE-2026-6840 | MEDIUM | 5.5 | Missing bounds validation for operator could allow out of range operator-code lookup during model loading. Affected version is prior to commit 1.30.0. | Apr 22, 2026 |
| CVE-2026-6839 | MEDIUM | 6.6 | Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source … | Apr 22, 2026 |
| CVE-2026-41667 | MEDIUM | 6.6 | Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is … | Apr 22, 2026 |
| CVE-2026-41666 | MEDIUM | 6.6 | Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version … | Apr 22, 2026 |
| CVE-2026-41665 | MEDIUM | 6.1 | Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE causes incorrect memory initialization for large intermediate tensors. Affected version is prior … | Apr 22, 2026 |
| CVE-2026-41664 | MEDIUM | 6.6 | Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is … | Apr 22, 2026 |
| CVE-2026-40450 | MEDIUM | 6.6 | Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected … | Apr 22, 2026 |
| CVE-2026-40449 | MEDIUM | 6.6 | Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version … | Apr 22, 2026 |
| CVE-2026-40448 | MEDIUM | 5.3 | Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is … | Apr 22, 2026 |
| CVE-2026-22754 | HIGH | 7.5 | Vulnerability in Spring Spring Security. If an application uses `<sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/>` to define the servlet path for computing a path matcher, then the servlet … | Apr 22, 2026 |
| CVE-2026-22753 | HIGH | 7.5 | Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter … | Apr 22, 2026 |
| CVE-2026-22748 | MEDIUM | 5.3 | Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an `OAuth2TokenValidator<Jwt>` separately, for example by calling … | Apr 22, 2026 |
| CVE-2026-22747 | MEDIUM | 6.8 | Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for … | Apr 22, 2026 |
| CVE-2026-22746 | LOW | 3.7 | Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's … | Apr 22, 2026 |
| CVE-2026-40451 | MEDIUM | 6.1 | DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's … | Apr 22, 2026 |
| CVE-2026-6835 | MEDIUM | 6.1 | The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, … | Apr 22, 2026 |