Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-13822 | UNKNOWN | — | MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions … | Apr 14, 2026 |
| CVE-2026-4109 | MEDIUM | 4.3 | The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a … | Apr 14, 2026 |
| CVE-2026-33929 | MEDIUM | 4.3 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: … | Apr 14, 2026 |
| CVE-2026-33892 | HIGH | 7.1 | A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= … | Apr 14, 2026 |
| CVE-2026-31924 | MEDIUM | 5.3 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users … | Apr 14, 2026 |
| CVE-2026-31923 | HIGH | 7.5 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. … | Apr 14, 2026 |
| CVE-2026-31908 | UNKNOWN | — | Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache … | Apr 14, 2026 |
| CVE-2026-27668 | HIGH | 8.8 | A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they … | Apr 14, 2026 |
| CVE-2026-25654 | HIGH | 8.8 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset … | Apr 14, 2026 |
| CVE-2026-24032 | HIGH | 7.3 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient … | Apr 14, 2026 |
| CVE-2025-40745 | LOW | 3.7 | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), … | Apr 14, 2026 |
| CVE-2026-2582 | MEDIUM | 6.5 | The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. … | Apr 14, 2026 |
| CVE-2026-3017 | HIGH | 7.2 | The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in … | Apr 14, 2026 |
| CVE-2026-4479 | MEDIUM | 4.4 | The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and … | Apr 14, 2026 |
| CVE-2026-4059 | MEDIUM | 6.4 | The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. … | Apr 14, 2026 |
| CVE-2026-40315 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly … | Apr 14, 2026 |
| CVE-2026-40313 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector … | Apr 14, 2026 |
| CVE-2026-40289 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to … | Apr 14, 2026 |
| CVE-2026-40288 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and … | Apr 14, 2026 |
| CVE-2026-40287 | HIGH | 8.4 | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from … | Apr 14, 2026 |
| CVE-2026-1607 | MEDIUM | 6.4 | The Surbma \| Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and … | Apr 14, 2026 |
| CVE-2026-6264 | CRITICAL | 9.8 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the … | Apr 14, 2026 |
| CVE-2026-6227 | HIGH | 7.2 | The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, … | Apr 14, 2026 |
| CVE-2026-4388 | HIGH | 7.2 | The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions … | Apr 14, 2026 |
| CVE-2026-34984 | UNKNOWN | — | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in … | Apr 14, 2026 |