CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20386
Critical: 1466
High: 6177
Medium: 6480

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-15666 | MEDIUM | 5.3 | A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the … | Jul 01, 2026 |
| CVE-2026-9107 | MEDIUM | 6.4 | The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions … | Jul 01, 2026 |
| CVE-2026-7840 | CRITICAL | 9.8 | UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied … | Jul 01, 2026 |
| CVE-2026-7839 | CRITICAL | 9.1 | UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater … | Jul 01, 2026 |
| CVE-2026-7838 | HIGH | 8.8 | UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte … | Jul 01, 2026 |
| CVE-2026-7831 | HIGH | 7.6 | UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 … | Jul 01, 2026 |
| CVE-2026-7830 | HIGH | 7.4 | UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit … | Jul 01, 2026 |
| CVE-2026-7829 | HIGH | 7.2 | UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte … | Jul 01, 2026 |
| CVE-2026-7828 | MEDIUM | 5.3 | UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) … | Jul 01, 2026 |
| CVE-2026-7517 | HIGH | 7.2 | The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and … | Jul 01, 2026 |
| CVE-2026-6070 | CRITICAL | 9.1 | The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path … | Jul 01, 2026 |
| CVE-2026-58519 | UNKNOWN | | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects … | Jul 01, 2026 |
| CVE-2026-58518 | UNKNOWN | | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: … | Jul 01, 2026 |
| CVE-2026-44042 | LOW | 3.7 | UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether … | Jul 01, 2026 |
| CVE-2026-44041 | MEDIUM | 4.3 | UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to … | Jul 01, 2026 |
| CVE-2026-44040 | MEDIUM | 4.8 | UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with … | Jul 01, 2026 |
| CVE-2026-2387 | MEDIUM | 6.4 | The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the … | Jul 01, 2026 |
| CVE-2026-13731 | HIGH | 7.2 | The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter … | Jul 01, 2026 |
| CVE-2026-13468 | HIGH | 7.5 | The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and … | Jul 01, 2026 |
| CVE-2026-13443 | MEDIUM | 6.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions … | Jul 01, 2026 |
| CVE-2026-13246 | MEDIUM | 6.4 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_id' (and other) shortcode attributes of … | Jul 01, 2026 |
| CVE-2026-13015 | MEDIUM | 6.1 | The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, … | Jul 01, 2026 |
| CVE-2026-12923 | HIGH | 7.5 | The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation … | Jul 01, 2026 |
| CVE-2026-12904 | MEDIUM | 4.3 | The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and … | Jul 01, 2026 |
| CVE-2026-12902 | MEDIUM | 4.3 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 01, 2026 |