Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10307, Critical: 705, High: 2965, Medium: 3260
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-9988 | MEDIUM | 4.3 | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up … | May 13, 2026 |
| CVE-2025-9987 | MEDIUM | 5.3 | The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This … | May 13, 2026 |
| CVE-2025-14755 | MEDIUM | 5.3 | The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and … | May 13, 2026 |
| CVE-2026-8336 | HIGH | 7.5 | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently … | May 13, 2026 |
| CVE-2026-8202 | MEDIUM | 4.3 | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation … | May 13, 2026 |
| CVE-2026-8201 | MEDIUM | 6.4 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over … | May 13, 2026 |
| CVE-2026-8200 | LOW | 2.7 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may … | May 13, 2026 |
| CVE-2026-8199 | MEDIUM | 6.5 | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure … | May 13, 2026 |
| CVE-2026-8053 | HIGH | 8.8 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod … | May 13, 2026 |
| CVE-2026-6888 | HIGH | 7.2 | Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker … | May 13, 2026 |
| CVE-2025-62627 | UNKNOWN | — | An untrusted pointer dereference in the ionic cloud driver for VMware ESXi could allow an attacker with an unprivileged VM to read kernel memory or … | May 13, 2026 |
| CVE-2025-62624 | UNKNOWN | — | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code … | May 13, 2026 |
| CVE-2025-62623 | UNKNOWN | — | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code … | May 13, 2026 |
| CVE-2025-61972 | UNKNOWN | — | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary … | May 13, 2026 |
| CVE-2025-61971 | UNKNOWN | — | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest … | May 13, 2026 |
| CVE-2024-36315 | UNKNOWN | — | Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of … | May 13, 2026 |
| CVE-2026-8108 | HIGH | 7.8 | The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions. | May 12, 2026 |
| CVE-2026-5371 | HIGH | 7.1 | The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due … | May 12, 2026 |
| CVE-2026-44548 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a … | May 12, 2026 |
| CVE-2026-44547 | CRITICAL | 9.6 | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently … | May 12, 2026 |
| CVE-2026-44352 | UNKNOWN | — | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch … | May 12, 2026 |
| CVE-2026-44347 | MEDIUM | 5.8 | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, … | May 12, 2026 |
| CVE-2026-44341 | MEDIUM | 5.3 | GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details … | May 12, 2026 |
| CVE-2026-44245 | MEDIUM | 6.1 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting … | May 12, 2026 |
| CVE-2026-43685 | HIGH | 7.2 | A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input … | May 12, 2026 |