Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20528
Total
1468
Critical
6215
High
6518
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9711 | CRITICAL | 9.8 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up … | Jun 30, 2026 |
| CVE-2026-8141 | HIGH | 7.2 | The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and … | Jun 30, 2026 |
| CVE-2026-6954 | UNKNOWN | — | Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into … | Jun 30, 2026 |
| CVE-2026-6953 | UNKNOWN | — | HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim … | Jun 30, 2026 |
| CVE-2026-13149 | UNKNOWN | — | brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An … | Jun 30, 2026 |
| CVE-2026-12610 | MEDIUM | 6.4 | A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory … | Jun 30, 2026 |
| CVE-2026-12076 | UNKNOWN | — | Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements … | Jun 30, 2026 |
| CVE-2026-10763 | UNKNOWN | — | PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. | Jun 30, 2026 |
| CVE-2025-7406 | HIGH | 7.8 | Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root … | Jun 30, 2026 |
| CVE-2025-24816 | MEDIUM | 6.5 | Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to … | Jun 30, 2026 |
| CVE-2025-24815 | HIGH | 7.8 | Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to … | Jun 30, 2026 |
| CVE-2026-45822 | UNKNOWN | — | decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing … | Jun 30, 2026 |
| CVE-2026-12578 | UNKNOWN | — | The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. | Jun 30, 2026 |
| CVE-2026-9576 | MEDIUM | 4.9 | The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users … | Jun 30, 2026 |
| CVE-2026-56809 | MEDIUM | 6.1 | Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed … | Jun 30, 2026 |
| CVE-2026-56808 | HIGH | 7.2 | DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a … | Jun 30, 2026 |
| CVE-2026-56137 | HIGH | 7.8 | RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, … | Jun 30, 2026 |
| CVE-2026-14164 | HIGH | 7.5 | A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale … | Jun 30, 2026 |
| CVE-2026-12819 | UNKNOWN | — | Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. | Jun 30, 2026 |
| CVE-2026-12818 | UNKNOWN | — | Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. | Jun 30, 2026 |
| CVE-2026-12240 | HIGH | 8.0 | The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all … | Jun 30, 2026 |
| CVE-2026-11590 | HIGH | 8.6 | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing … | Jun 30, 2026 |
| CVE-2026-11589 | HIGH | 8.8 | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious … | Jun 30, 2026 |
| CVE-2026-11581 | MEDIUM | 5.9 | The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a … | Jun 30, 2026 |
| CVE-2026-8944 | MEDIUM | 4.3 | The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This … | Jun 30, 2026 |