Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-53440 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue … | Jun 02, 2026 |
| CVE-2026-5422 | MEDIUM | 6.8 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check … | Jun 02, 2026 |
| CVE-2026-5191 | MEDIUM | 5.4 | The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and … | Jun 02, 2026 |
| CVE-2026-46718 | MEDIUM | 6.5 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users … | Jun 02, 2026 |
| CVE-2026-41115 | MEDIUM | 4.3 | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource … | Jun 02, 2026 |
| CVE-2026-34907 | UNKNOWN | — | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a … | Jun 02, 2026 |
| CVE-2026-34906 | UNKNOWN | — | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient … | Jun 02, 2026 |
| CVE-2026-10549 | UNKNOWN | — | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in … | Jun 02, 2026 |
| CVE-2025-53346 | MEDIUM | 4.3 | Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3. | Jun 02, 2026 |
| CVE-2025-53345 | HIGH | 8.8 | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3. | Jun 02, 2026 |
| CVE-2025-53302 | MEDIUM | 5.3 | Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5. | Jun 02, 2026 |
| CVE-2025-53209 | CRITICAL | 9.8 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | Jun 02, 2026 |
| CVE-2025-52766 | MEDIUM | 6.5 | Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from … | Jun 02, 2026 |
| CVE-2025-52759 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a … | Jun 02, 2026 |
| CVE-2026-9730 | MEDIUM | 4.3 | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due … | Jun 02, 2026 |
| CVE-2026-9723 | MEDIUM | 4.3 | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due … | Jun 02, 2026 |
| CVE-2026-9722 | MEDIUM | 4.3 | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing … | Jun 02, 2026 |
| CVE-2026-9599 | MEDIUM | 4.3 | The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing … | Jun 02, 2026 |
| CVE-2026-9234 | MEDIUM | 4.3 | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability … | Jun 02, 2026 |
| CVE-2026-8885 | MEDIUM | 6.4 | The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. … | Jun 02, 2026 |
| CVE-2026-8422 | MEDIUM | 4.3 | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This … | Jun 02, 2026 |
| CVE-2026-4081 | MEDIUM | 6.4 | The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This … | Jun 02, 2026 |
| CVE-2026-4080 | MEDIUM | 6.4 | The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This … | Jun 02, 2026 |
| CVE-2026-4071 | MEDIUM | 4.3 | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce … | Jun 02, 2026 |
| CVE-2026-3620 | MEDIUM | 4.4 | The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This … | Jun 02, 2026 |