CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20386
Critical: 1466
High: 6177
Medium: 6480

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53326 | UNKNOWN | | In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel … | Jul 01, 2026 |
| CVE-2026-13603 | UNKNOWN | | The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following … | Jul 01, 2026 |
| CVE-2026-8387 | LOW | 2.4 | A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager._extract_to_cache()`. … | Jul 01, 2026 |
| CVE-2026-5120 | HIGH | 8.1 | A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user. | Jul 01, 2026 |
| CVE-2026-53909 | UNKNOWN | | MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged … | Jul 01, 2026 |
| CVE-2026-53908 | UNKNOWN | | MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset … | Jul 01, 2026 |
| CVE-2026-53907 | UNKNOWN | | MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can … | Jul 01, 2026 |
| CVE-2026-53906 | UNKNOWN | | MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter … | Jul 01, 2026 |
| CVE-2026-53905 | UNKNOWN | | MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. … | Jul 01, 2026 |
| CVE-2026-53904 | UNKNOWN | | MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as … | Jul 01, 2026 |
| CVE-2026-53903 | UNKNOWN | | MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user … | Jul 01, 2026 |
| CVE-2026-53902 | UNKNOWN | | MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege … | Jul 01, 2026 |
| CVE-2026-14198 | CRITICAL | 9.1 | @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding … | Jul 01, 2026 |
| CVE-2026-14181 | HIGH | 7.5 | @fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths contain malformed percent-encoded sequences. … | Jul 01, 2026 |
| CVE-2026-13323 | MEDIUM | 4.1 | In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. … | Jul 01, 2026 |
| CVE-2026-14258 | MEDIUM | 6.5 | A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can … | Jul 01, 2026 |
| CVE-2026-13228 | HIGH | 8.8 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and … | Jul 01, 2026 |
| CVE-2026-12142 | HIGH | 7.2 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via '_name[]' Array Parameter in all versions up … | Jul 01, 2026 |
| CVE-2026-10095 | MEDIUM | 6.4 | The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, … | Jul 01, 2026 |
| CVE-2026-27435 | MEDIUM | 5.3 | Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33. | Jul 01, 2026 |
| CVE-2026-13454 | MEDIUM | 6.5 | The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 … | Jul 01, 2026 |
| CVE-2026-12754 | MEDIUM | 6.1 | The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in all versions up to, … | Jul 01, 2026 |
| CVE-2026-56016 | MEDIUM | 5.9 | CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generate_id method builds the session id from a MD5 digest of … | Jul 01, 2026 |
| CVE-2026-50043 | HIGH | 7.2 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary … | Jul 01, 2026 |
| CVE-2026-13733 | MEDIUM | 6.4 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute in all versions up to, and including, 3.3.60 due … | Jul 01, 2026 |