Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11567 | Critical: 772 | High: 3269 | Medium: 3678

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3513 | MEDIUM | 6.4 | The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableon_button' shortcode in all versions up to … | Apr 08, 2026 |
| CVE-2026-3239 | MEDIUM | 6.4 | The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_view shortcode in all versions up to, and including, 3.2.21 … | Apr 08, 2026 |
| CVE-2026-4379 | MEDIUM | 6.4 | The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in the `[gallery]` shortcode in all versions up to, … | Apr 08, 2026 |
| CVE-2026-2988 | MEDIUM | 6.4 | The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 … | Apr 08, 2026 |
| CVE-2026-5726 | HIGH | 7.8 | ASDA-Soft Stack-based Buffer Overflow Vulnerability | Apr 08, 2026 |
| CVE-2026-1163 | MEDIUM | 4.1 | An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an … | Apr 08, 2026 |
| CVE-2026-3499 | HIGH | 8.8 | The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 … | Apr 08, 2026 |
| CVE-2026-3296 | CRITICAL | 9.8 | The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input … | Apr 08, 2026 |
| CVE-2026-33810 | UNKNOWN | — | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than … | Apr 08, 2026 |
| CVE-2026-32289 | UNKNOWN | — | Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template … | Apr 08, 2026 |
| CVE-2026-32288 | UNKNOWN | — | tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU … | Apr 08, 2026 |
| CVE-2026-32283 | UNKNOWN | — | If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of … | Apr 08, 2026 |
| CVE-2026-32282 | UNKNOWN | — | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target … | Apr 08, 2026 |
| CVE-2026-32281 | UNKNOWN | — | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial … | Apr 08, 2026 |
| CVE-2026-32280 | HIGH | 7.5 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, … | Apr 08, 2026 |
| CVE-2026-27144 | UNKNOWN | — | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the … | Apr 08, 2026 |
| CVE-2026-27143 | UNKNOWN | — | Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to … | Apr 08, 2026 |
| CVE-2026-27140 | UNKNOWN | — | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. | Apr 08, 2026 |
| CVE-2025-14732 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in … | Apr 08, 2026 |
| CVE-2026-4788 | HIGH | 8.4 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user. | Apr 08, 2026 |
| CVE-2026-3357 | HIGH | 8.8 | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting … | Apr 08, 2026 |
| CVE-2026-1346 | CRITICAL | 9.3 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-1343 | HIGH | 7.2 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-5747 | HIGH | 7.5 | An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local … | Apr 08, 2026 |
| CVE-2026-4406 | MEDIUM | 4.7 | The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX action in all versions up … | Apr 08, 2026 |