Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10307
Total
705
Critical
2965
High
3260
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41050 | CRITICAL | 9.9 | Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to … | May 13, 2026 |
| CVE-2026-3004 | MEDIUM | 6.4 | The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 … | May 13, 2026 |
| CVE-2026-25705 | HIGH | 8.4 | A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside … | May 13, 2026 |
| CVE-2025-14767 | MEDIUM | 5.5 | The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all … | May 13, 2026 |
| CVE-2026-6965 | MEDIUM | 5.3 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including … | May 13, 2026 |
| CVE-2026-6929 | HIGH | 7.5 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' … | May 13, 2026 |
| CVE-2026-44612 | HIGH | 7.8 | Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when … | May 13, 2026 |
| CVE-2026-32661 | CRITICAL | 9.8 | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to … | May 13, 2026 |
| CVE-2026-2725 | UNKNOWN | — | Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch … | May 13, 2026 |
| CVE-2026-21024 | UNKNOWN | — | Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions. | May 13, 2026 |
| CVE-2026-21022 | MEDIUM | 5.5 | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | May 13, 2026 |
| CVE-2026-21021 | MEDIUM | 6.8 | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | May 13, 2026 |
| CVE-2026-21020 | HIGH | 7.8 | Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | May 13, 2026 |
| CVE-2026-21019 | UNKNOWN | — | Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege. | May 13, 2026 |
| CVE-2026-21018 | MEDIUM | 6.7 | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | May 13, 2026 |
| CVE-2026-21016 | MEDIUM | 5.5 | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | May 13, 2026 |
| CVE-2026-21015 | MEDIUM | 5.5 | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | May 13, 2026 |
| CVE-2025-14033 | MEDIUM | 5.3 | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' … | May 13, 2026 |
| CVE-2025-11159 | CRITICAL | 9.1 | Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when … | May 13, 2026 |
| CVE-2026-7635 | HIGH | 8.1 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is … | May 13, 2026 |
| CVE-2026-7619 | MEDIUM | 6.5 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the … | May 13, 2026 |
| CVE-2026-7051 | MEDIUM | 5.4 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This … | May 13, 2026 |
| CVE-2026-6962 | MEDIUM | 6.4 | The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and … | May 13, 2026 |
| CVE-2026-6828 | MEDIUM | 6.4 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' … | May 13, 2026 |
| CVE-2025-9989 | MEDIUM | 4.4 | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient … | May 13, 2026 |