Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11067 | Critical: 752 | High: 3202 | Medium: 3546
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3360 | HIGH | 7.5 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, … | Apr 10, 2026 |
| CVE-2026-2712 | MEDIUM | 5.4 | The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all … | Apr 10, 2026 |
| CVE-2026-25203 | HIGH | 7.8 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability. This issue affects MagicINFO 9 Server: less than 21.1091.1. | Apr 10, 2026 |
| CVE-2026-1924 | MEDIUM | 4.3 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to … | Apr 10, 2026 |
| CVE-2026-1263 | MEDIUM | 6.4 | The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient … | Apr 10, 2026 |
| CVE-2026-5995 | CRITICAL | 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a … | Apr 10, 2026 |
| CVE-2026-5994 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 10, 2026 |
| CVE-2026-5993 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 10, 2026 |
| CVE-2026-5992 | HIGH | 8.8 | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based … | Apr 10, 2026 |
| CVE-2026-5991 | HIGH | 8.8 | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument … | Apr 10, 2026 |
| CVE-2026-5990 | HIGH | 8.8 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the … | Apr 10, 2026 |
| CVE-2026-5989 | HIGH | 8.8 | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page … | Apr 10, 2026 |
| CVE-2026-5460 | UNKNOWN | — | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner … | Apr 10, 2026 |
| CVE-2026-5448 | UNKNOWN | — | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility … | Apr 10, 2026 |
| CVE-2026-5393 | UNKNOWN | — | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and … | Apr 10, 2026 |
| CVE-2026-5392 | UNKNOWN | — | Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the … | Apr 10, 2026 |
| CVE-2026-5988 | HIGH | 8.8 | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results … | Apr 09, 2026 |
| CVE-2026-5987 | MEDIUM | 4.7 | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker … | Apr 09, 2026 |
| CVE-2026-5986 | MEDIUM | 5.3 | A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of … | Apr 09, 2026 |
| CVE-2026-5985 | HIGH | 7.3 | A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The … | Apr 09, 2026 |
| CVE-2026-5507 | UNKNOWN | — | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can … | Apr 09, 2026 |
| CVE-2026-5504 | UNKNOWN | — | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In … | Apr 09, 2026 |
| CVE-2026-5503 | UNKNOWN | — | In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX … | Apr 09, 2026 |
| CVE-2026-5295 | UNKNOWN | — | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) … | Apr 09, 2026 |
| CVE-2026-34424 | CRITICAL | 9.8 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated … | Apr 09, 2026 |