CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12462, Critical: 832, High: 3555, Medium: 3875

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-39666 | UNKNOWN | — | Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user … | Apr 07, 2026 |
| CVE-2021-4473 | CRITICAL | 9.8 | Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying … | Apr 07, 2026 |
| CVE-2026-31842 | HIGH | 7.5 | Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses … | Apr 07, 2026 |
| CVE-2026-4420 | UNKNOWN | — | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page creation privileges (such as Author, Editor, or … | Apr 07, 2026 |
| CVE-2026-34904 | HIGH | 7.5 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery. This issue affects Simple Social Media Share Buttons: from … | Apr 07, 2026 |
| CVE-2026-34903 | MEDIUM | 5.4 | Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ocean Extra: from n/a through 2.5.3. | Apr 07, 2026 |
| CVE-2026-34899 | MEDIUM | 5.3 | Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight … | Apr 07, 2026 |
| CVE-2026-34896 | HIGH | 7.5 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery. This issue affects Under Construction, Coming Soon … | Apr 07, 2026 |
| CVE-2026-34197 | HIGH | 8.8 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP … | Apr 07, 2026 |
| CVE-2026-33227 | MEDIUM | 4.3 | Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating … | Apr 07, 2026 |
| CVE-2026-28810 | UNKNOWN | — | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, … | Apr 07, 2026 |
| CVE-2026-3177 | MEDIUM | 5.3 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity … | Apr 07, 2026 |
| CVE-2026-5465 | HIGH | 8.8 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … | Apr 07, 2026 |
| CVE-2026-4079 | MEDIUM | 6.5 | The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatenated to SQL queries, making it possible for … | Apr 07, 2026 |
| CVE-2026-1900 | MEDIUM | 6.5 | The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates. | Apr 07, 2026 |
| CVE-2026-1114 | CRITICAL | 9.8 | In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing … | Apr 07, 2026 |
| CVE-2025-15611 | MEDIUM | 5.4 | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform … | Apr 07, 2026 |
| CVE-2026-1839 | MEDIUM | 6.5 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 … | Apr 07, 2026 |
| CVE-2025-65116 | MEDIUM | 5.5 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT … | Apr 07, 2026 |
| CVE-2025-65115 | HIGH | 8.8 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner … | Apr 07, 2026 |
| CVE-2026-0740 | CRITICAL | 9.8 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function … | Apr 07, 2026 |
| CVE-2026-20446 | MEDIUM | 4.3 | In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if … | Apr 07, 2026 |
| CVE-2026-20433 | HIGH | 8.8 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if … | Apr 07, 2026 |
| CVE-2026-20432 | HIGH | 8.0 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if … | Apr 07, 2026 |
| CVE-2026-20431 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has … | Apr 07, 2026 |