Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11785 | MEDIUM | 4.3 | A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be … | Jun 09, 2026 |
| CVE-2026-46324 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this … | Jun 09, 2026 |
| CVE-2026-46323 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and … | Jun 09, 2026 |
| CVE-2026-46322 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function … | Jun 09, 2026 |
| CVE-2026-46321 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter … | Jun 09, 2026 |
| CVE-2026-46320 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN … | Jun 09, 2026 |
| CVE-2026-46319 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table … | Jun 09, 2026 |
| CVE-2026-46318 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to … | Jun 09, 2026 |
| CVE-2026-46317 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the … | Jun 09, 2026 |
| CVE-2026-46316 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks … | Jun 09, 2026 |
| CVE-2026-2638 | UNKNOWN | — | A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race … | Jun 09, 2026 |
| CVE-2026-11764 | UNKNOWN | — | When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the … | Jun 09, 2026 |
| CVE-2017-20251 | CRITICAL | 9.8 | WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious … | Jun 09, 2026 |
| CVE-2017-20250 | HIGH | 7.5 | Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send … | Jun 09, 2026 |
| CVE-2017-20249 | HIGH | 8.2 | Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid … | Jun 09, 2026 |
| CVE-2017-20248 | HIGH | 7.5 | Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send … | Jun 09, 2026 |
| CVE-2017-20247 | HIGH | 8.2 | WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 09, 2026 |
| CVE-2017-20246 | HIGH | 8.2 | KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers … | Jun 09, 2026 |
| CVE-2017-20245 | HIGH | 8.2 | Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST … | Jun 09, 2026 |
| CVE-2017-20244 | HIGH | 8.2 | Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST … | Jun 09, 2026 |
| CVE-2017-20243 | HIGH | 8.2 | WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting … | Jun 09, 2026 |
| CVE-2016-20065 | HIGH | 8.2 | Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | Jun 09, 2026 |
| CVE-2016-20064 | MEDIUM | 6.2 | WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include … | Jun 09, 2026 |
| CVE-2016-20063 | HIGH | 7.1 | Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message … | Jun 09, 2026 |
| CVE-2016-20062 | HIGH | 8.2 | Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the … | Jun 09, 2026 |