Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20470
Total
1466
Critical
6212
High
6509
Medium
CVE ID Severity Score Description Published
CVE-2025-7406 HIGH 7.8 Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root … Jun 30, 2026
CVE-2025-24816 MEDIUM 6.5 Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to … Jun 30, 2026
CVE-2025-24815 HIGH 7.8 Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to … Jun 30, 2026
CVE-2026-45822 UNKNOWN decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing … Jun 30, 2026
CVE-2026-12578 UNKNOWN The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. Jun 30, 2026
CVE-2026-9576 MEDIUM 4.9 The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users … Jun 30, 2026
CVE-2026-56809 MEDIUM 6.1 Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed … Jun 30, 2026
CVE-2026-56808 HIGH 7.2 DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a … Jun 30, 2026
CVE-2026-56137 HIGH 7.8 RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, … Jun 30, 2026
CVE-2026-14164 HIGH 7.5 A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale … Jun 30, 2026
CVE-2026-12819 UNKNOWN Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. Jun 30, 2026
CVE-2026-12818 UNKNOWN Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. Jun 30, 2026
CVE-2026-12240 HIGH 8.0 The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all … Jun 30, 2026
CVE-2026-11590 HIGH 8.6 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing … Jun 30, 2026
CVE-2026-11589 HIGH 8.8 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious … Jun 30, 2026
CVE-2026-11581 MEDIUM 5.9 The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a … Jun 30, 2026
CVE-2026-8944 MEDIUM 4.3 The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This … Jun 30, 2026
CVE-2026-12560 MEDIUM 4.4 The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions … Jun 30, 2026
CVE-2026-12349 MEDIUM 5.3 The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This … Jun 30, 2026
CVE-2026-12073 CRITICAL 9.8 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and … Jun 30, 2026
CVE-2026-11367 MEDIUM 6.5 The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the move_image_on_server … Jun 30, 2026
CVE-2026-14160 MEDIUM 5.9 Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d. Jun 30, 2026
CVE-2026-12114 MEDIUM 4.4 The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up … Jun 30, 2026
CVE-2026-58302 HIGH 8.4 rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a … Jun 30, 2026
CVE-2026-12243 HIGH 7.5 NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks … Jun 30, 2026