Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20412 · Critical: 1466 · High: 6188 · Medium: 6493

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12902 | MEDIUM | 4.3 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 01, 2026 |
| CVE-2026-12135 | MEDIUM | 6.4 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to, … | Jul 01, 2026 |
| CVE-2026-12133 | MEDIUM | 4.3 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in … | Jul 01, 2026 |
| CVE-2026-12127 | MEDIUM | 5.3 | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of … | Jul 01, 2026 |
| CVE-2026-12113 | MEDIUM | 4.3 | The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc_appointments_filter_list. This … | Jul 01, 2026 |
| CVE-2026-12110 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'task_search' parameter … | Jul 01, 2026 |
| CVE-2026-12090 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppm_proj_filter' parameter … | Jul 01, 2026 |
| CVE-2026-11988 | MEDIUM | 6.5 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions … | Jul 01, 2026 |
| CVE-2026-11981 | MEDIUM | 4.3 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce validation … | Jul 01, 2026 |
| CVE-2026-11380 | MEDIUM | 6.4 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient … | Jul 01, 2026 |
| CVE-2026-20463 | MEDIUM | 6.7 | In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20462 | MEDIUM | 6.7 | In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20461 | MEDIUM | 5.3 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if … | Jul 01, 2026 |
| CVE-2026-20460 | MEDIUM | 5.3 | In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected … | Jul 01, 2026 |
| CVE-2026-20459 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-20458 | HIGH | 7.5 | In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE … | Jul 01, 2026 |
| CVE-2026-20457 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-14191 | HIGH | 7.8 | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when … | Jul 01, 2026 |
| CVE-2026-57963 | MEDIUM | 6.5 | An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat … | Jul 01, 2026 |
| CVE-2026-57962 | MEDIUM | 5.3 | A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the … | Jul 01, 2026 |
| CVE-2026-53488 | UNKNOWN | — | containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config … | Jul 01, 2026 |
| CVE-2026-41579 | LOW | 3.3 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, … | Jul 01, 2026 |
| CVE-2026-54903 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap … | Jul 01, 2026 |
| CVE-2026-54902 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in … | Jul 01, 2026 |
| CVE-2026-54901 | UNKNOWN | — | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does … | Jul 01, 2026 |