Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6240 | UNKNOWN | — | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion … | Jun 06, 2026 |
| CVE-2026-6239 | UNKNOWN | — | A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of … | Jun 06, 2026 |
| CVE-2026-34123 | UNKNOWN | — | On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic … | Jun 06, 2026 |
| CVE-2026-10038 | MEDIUM | 4.3 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / … | Jun 06, 2026 |
| CVE-2025-12656 | LOW | 3.8 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in … | Jun 06, 2026 |
| CVE-2026-7654 | HIGH | 8.8 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This … | Jun 05, 2026 |
| CVE-2026-7523 | MEDIUM | 4.3 | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin … | Jun 05, 2026 |
| CVE-2026-45409 | UNKNOWN | — | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior … | Jun 05, 2026 |
| CVE-2026-11431 | UNKNOWN | — | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a … | Jun 05, 2026 |
| CVE-2026-11429 | UNKNOWN | — | A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone … | Jun 05, 2026 |
| CVE-2026-11424 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit … | Jun 05, 2026 |
| CVE-2026-11416 | HIGH | 8.1 | MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating … | Jun 05, 2026 |
| CVE-2026-36785 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability … | Jun 05, 2026 |
| CVE-2026-11423 | UNKNOWN | — | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file … | Jun 05, 2026 |
| CVE-2026-11422 | HIGH | 7.1 | Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript … | Jun 05, 2026 |
| CVE-2026-46493 | HIGH | 7.5 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 … | Jun 05, 2026 |
| CVE-2026-46401 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens … | Jun 05, 2026 |
| CVE-2026-46400 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in … | Jun 05, 2026 |
| CVE-2026-46398 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set … | Jun 05, 2026 |
| CVE-2026-46397 | MEDIUM | 6.5 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS … | Jun 05, 2026 |
| CVE-2026-46357 | MEDIUM | 6.5 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker … | Jun 05, 2026 |
| CVE-2026-45779 | UNKNOWN | — | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows … | Jun 05, 2026 |
| CVE-2026-45778 | UNKNOWN | — | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open … | Jun 05, 2026 |
| CVE-2026-45777 | UNKNOWN | — | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute … | Jun 05, 2026 |
| CVE-2026-45776 | UNKNOWN | — | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an … | Jun 05, 2026 |