Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20470
Total
1466
Critical
6212
High
6509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-7406 | HIGH | 7.8 | Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root … | Jun 30, 2026 |
| CVE-2025-24816 | MEDIUM | 6.5 | Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to … | Jun 30, 2026 |
| CVE-2025-24815 | HIGH | 7.8 | Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to … | Jun 30, 2026 |
| CVE-2026-45822 | UNKNOWN | — | decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing … | Jun 30, 2026 |
| CVE-2026-12578 | UNKNOWN | — | The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. | Jun 30, 2026 |
| CVE-2026-9576 | MEDIUM | 4.9 | The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users … | Jun 30, 2026 |
| CVE-2026-56809 | MEDIUM | 6.1 | Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed … | Jun 30, 2026 |
| CVE-2026-56808 | HIGH | 7.2 | DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a … | Jun 30, 2026 |
| CVE-2026-56137 | HIGH | 7.8 | RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, … | Jun 30, 2026 |
| CVE-2026-14164 | HIGH | 7.5 | A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale … | Jun 30, 2026 |
| CVE-2026-12819 | UNKNOWN | — | Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. | Jun 30, 2026 |
| CVE-2026-12818 | UNKNOWN | — | Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. | Jun 30, 2026 |
| CVE-2026-12240 | HIGH | 8.0 | The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all … | Jun 30, 2026 |
| CVE-2026-11590 | HIGH | 8.6 | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing … | Jun 30, 2026 |
| CVE-2026-11589 | HIGH | 8.8 | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious … | Jun 30, 2026 |
| CVE-2026-11581 | MEDIUM | 5.9 | The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a … | Jun 30, 2026 |
| CVE-2026-8944 | MEDIUM | 4.3 | The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This … | Jun 30, 2026 |
| CVE-2026-12560 | MEDIUM | 4.4 | The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions … | Jun 30, 2026 |
| CVE-2026-12349 | MEDIUM | 5.3 | The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This … | Jun 30, 2026 |
| CVE-2026-12073 | CRITICAL | 9.8 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and … | Jun 30, 2026 |
| CVE-2026-11367 | MEDIUM | 6.5 | The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the move_image_on_server … | Jun 30, 2026 |
| CVE-2026-14160 | MEDIUM | 5.9 | Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d. | Jun 30, 2026 |
| CVE-2026-12114 | MEDIUM | 4.4 | The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up … | Jun 30, 2026 |
| CVE-2026-58302 | HIGH | 8.4 | rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a … | Jun 30, 2026 |
| CVE-2026-12243 | HIGH | 7.5 | NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks … | Jun 30, 2026 |