Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11702, Critical: 781, High: 3315, Medium: 3732

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27144 | UNKNOWN | — | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the … | Apr 08, 2026 |
| CVE-2026-27143 | UNKNOWN | — | Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to … | Apr 08, 2026 |
| CVE-2026-27140 | UNKNOWN | — | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. | Apr 08, 2026 |
| CVE-2025-14732 | MEDIUM | 6.4 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in … | Apr 08, 2026 |
| CVE-2026-4788 | HIGH | 8.4 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user. | Apr 08, 2026 |
| CVE-2026-3357 | HIGH | 8.8 | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting … | Apr 08, 2026 |
| CVE-2026-1346 | CRITICAL | 9.3 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-1343 | HIGH | 7.2 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-5747 | HIGH | 7.5 | An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local … | Apr 08, 2026 |
| CVE-2026-4406 | MEDIUM | 4.7 | The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX action in all versions up … | Apr 08, 2026 |
| CVE-2026-4401 | MEDIUM | 5.4 | The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class-dlm-downloads-path.php` in all versions up to, … | Apr 08, 2026 |
| CVE-2026-4394 | MEDIUM | 6.1 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_<id>.4`) in all versions up … | Apr 08, 2026 |
| CVE-2026-2263 | MEDIUM | 5.3 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … | Apr 08, 2026 |
| CVE-2026-1342 | HIGH | 8.5 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-4656 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 07, 2026 |
| CVE-2026-39936 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2026-39935 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2025-20628 | UNKNOWN | — | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers … | Apr 07, 2026 |
| CVE-2026-4065 | MEDIUM | 5.4 | The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller … | Apr 07, 2026 |
| CVE-2026-39937 | UNKNOWN | — | Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. This issue affects non … | Apr 07, 2026 |
| CVE-2026-39934 | UNKNOWN | — | Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue … | Apr 07, 2026 |
| CVE-2026-39933 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2026-39847 | CRITICAL | 9.1 | Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) … | Apr 07, 2026 |
| CVE-2026-39846 | CRITICAL | 9.0 | SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan … | Apr 07, 2026 |
| CVE-2026-35568 | UNKNOWN | — | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. … | Apr 07, 2026 |