Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238, Critical: 701, High: 2952, Medium: 3222

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3607 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3160 | MEDIUM | 5.8 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3074 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3073 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-2900 | LOW | 2.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level … | May 14, 2026 |
| CVE-2026-1659 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1338 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1322 | MEDIUM | 6.8 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-1184 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-15345 | MEDIUM | 6.1 | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all … | May 14, 2026 |
| CVE-2025-14870 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-14869 | HIGH | 7.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-13874 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2025-12669 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7648 | MEDIUM | 4.3 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all … | May 14, 2026 |
| CVE-2026-7525 | MEDIUM | 4.3 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is … | May 14, 2026 |
| CVE-2026-5361 | MEDIUM | 6.4 | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This … | May 14, 2026 |
| CVE-2026-5486 | MEDIUM | 6.5 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up … | May 14, 2026 |
| CVE-2026-46446 | HIGH | 7.1 | SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in … | May 14, 2026 |
| CVE-2026-46445 | HIGH | 7.1 | SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. | May 14, 2026 |
| CVE-2026-46419 | HIGH | 7.5 | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation. | May 14, 2026 |
| CVE-2026-44919 | MEDIUM | 4.3 | In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL. | May 14, 2026 |
| CVE-2026-41281 | MEDIUM | 4.8 | Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications … | May 14, 2026 |
| CVE-2026-8500 | CRITICAL | 9.8 | Web::Passwd versions through 0.03 for Perl are vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The … | May 13, 2026 |
| CVE-2026-32991 | HIGH | 7.1 | Improper authorization checks of team members' privileges allow a team member to escalate privileges to the team owner account. | May 13, 2026 |