CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20412
Critical: 1466
High: 6188
Medium: 6493

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12902 | MEDIUM | 4.3 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 01, 2026 |
| CVE-2026-12135 | MEDIUM | 6.4 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to, … | Jul 01, 2026 |
| CVE-2026-12133 | MEDIUM | 4.3 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in … | Jul 01, 2026 |
| CVE-2026-12127 | MEDIUM | 5.3 | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of … | Jul 01, 2026 |
| CVE-2026-12113 | MEDIUM | 4.3 | The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc_appointments_filter_list. This … | Jul 01, 2026 |
| CVE-2026-12110 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'task_search' parameter … | Jul 01, 2026 |
| CVE-2026-12090 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppm_proj_filter' parameter … | Jul 01, 2026 |
| CVE-2026-11988 | MEDIUM | 6.5 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions … | Jul 01, 2026 |
| CVE-2026-11981 | MEDIUM | 4.3 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation … | Jul 01, 2026 |
| CVE-2026-11380 | MEDIUM | 6.4 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient … | Jul 01, 2026 |
| CVE-2026-20463 | MEDIUM | 6.7 | In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20462 | MEDIUM | 6.7 | In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious … | Jul 01, 2026 |
| CVE-2026-20461 | MEDIUM | 5.3 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if … | Jul 01, 2026 |
| CVE-2026-20460 | MEDIUM | 5.3 | In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected … | Jul 01, 2026 |
| CVE-2026-20459 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-20458 | HIGH | 7.5 | In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE … | Jul 01, 2026 |
| CVE-2026-20457 | MEDIUM | 5.3 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has … | Jul 01, 2026 |
| CVE-2026-14191 | HIGH | 7.8 | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when … | Jul 01, 2026 |
| CVE-2026-57963 | MEDIUM | 6.5 | An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat … | Jul 01, 2026 |
| CVE-2026-57962 | MEDIUM | 5.3 | A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the … | Jul 01, 2026 |
| CVE-2026-53488 | UNKNOWN | | containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config … | Jul 01, 2026 |
| CVE-2026-41579 | LOW | 3.3 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, … | Jul 01, 2026 |
| CVE-2026-54903 | UNKNOWN | | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap … | Jul 01, 2026 |
| CVE-2026-54902 | UNKNOWN | | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in … | Jul 01, 2026 |
| CVE-2026-54901 | UNKNOWN | | Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does … | Jul 01, 2026 |