Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3581 | MEDIUM | 5.3 | The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the … | Apr 16, 2026 |
| CVE-2026-3551 | MEDIUM | 4.4 | The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and … | Apr 16, 2026 |
| CVE-2026-22619 | HIGH | 7.8 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with … | Apr 16, 2026 |
| CVE-2026-22618 | MEDIUM | 5.9 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users … | Apr 16, 2026 |
| CVE-2026-22617 | MEDIUM | 5.7 | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a … | Apr 16, 2026 |
| CVE-2026-40118 | MEDIUM | 6.3 | UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the … | Apr 16, 2026 |
| CVE-2026-22616 | MEDIUM | 6.5 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has … | Apr 16, 2026 |
| CVE-2026-22615 | MEDIUM | 6.0 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and … | Apr 16, 2026 |
| CVE-2023-5872 | MEDIUM | 4.3 | In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific … | Apr 16, 2026 |
| CVE-2023-3634 | HIGH | 8.8 | In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to … | Apr 16, 2026 |
| CVE-2026-5070 | MEDIUM | 6.4 | The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to … | Apr 16, 2026 |
| CVE-2026-4032 | MEDIUM | 6.1 | The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, … | Apr 16, 2026 |
| CVE-2026-3878 | MEDIUM | 6.4 | The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due … | Apr 16, 2026 |
| CVE-2026-6351 | HIGH | 7.5 | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. | Apr 16, 2026 |
| CVE-2026-6350 | CRITICAL | 9.8 | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | Apr 16, 2026 |
| CVE-2026-6349 | UNKNOWN | — | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the … | Apr 16, 2026 |
| CVE-2026-6348 | HIGH | 8.8 | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local … | Apr 16, 2026 |
| CVE-2026-41015 | HIGH | 7.4 | radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to … | Apr 16, 2026 |
| CVE-2026-3885 | MEDIUM | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up … | Apr 16, 2026 |
| CVE-2026-3428 | UNKNOWN | — | A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to … | Apr 16, 2026 |
| CVE-2026-1880 | UNKNOWN | — | An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources … | Apr 16, 2026 |
| CVE-2026-40962 | MEDIUM | 4.9 | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. | Apr 16, 2026 |
| CVE-2026-40505 | LOW | 3.3 | MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF … | Apr 16, 2026 |
| CVE-2026-40504 | CRITICAL | 9.8 | Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with … | Apr 16, 2026 |
| CVE-2026-3299 | MEDIUM | 6.4 | The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, … | Apr 16, 2026 |