Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-11785 MEDIUM 4.3 A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be … Jun 09, 2026
CVE-2026-46324 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this … Jun 09, 2026
CVE-2026-46323 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and … Jun 09, 2026
CVE-2026-46322 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function … Jun 09, 2026
CVE-2026-46321 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter … Jun 09, 2026
CVE-2026-46320 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN … Jun 09, 2026
CVE-2026-46319 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table … Jun 09, 2026
CVE-2026-46318 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to … Jun 09, 2026
CVE-2026-46317 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the … Jun 09, 2026
CVE-2026-46316 UNKNOWN In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks … Jun 09, 2026
CVE-2026-2638 UNKNOWN A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race … Jun 09, 2026
CVE-2026-11764 UNKNOWN When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the … Jun 09, 2026
CVE-2017-20251 CRITICAL 9.8 WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious … Jun 09, 2026
CVE-2017-20250 HIGH 7.5 Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send … Jun 09, 2026
CVE-2017-20249 HIGH 8.2 Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid … Jun 09, 2026
CVE-2017-20248 HIGH 7.5 Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send … Jun 09, 2026
CVE-2017-20247 HIGH 8.2 WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … Jun 09, 2026
CVE-2017-20246 HIGH 8.2 KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers … Jun 09, 2026
CVE-2017-20245 HIGH 8.2 Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST … Jun 09, 2026
CVE-2017-20244 HIGH 8.2 Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST … Jun 09, 2026
CVE-2017-20243 HIGH 8.2 WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting … Jun 09, 2026
CVE-2016-20065 HIGH 8.2 Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … Jun 09, 2026
CVE-2016-20064 MEDIUM 6.2 WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include … Jun 09, 2026
CVE-2016-20063 HIGH 7.1 Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message … Jun 09, 2026
CVE-2016-20062 HIGH 8.2 Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the … Jun 09, 2026