Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20528
Total
1468
Critical
6215
High
6518
Medium
CVE ID Severity Score Description Published
CVE-2026-12560 MEDIUM 4.4 The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions … Jun 30, 2026
CVE-2026-12349 MEDIUM 5.3 The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This … Jun 30, 2026
CVE-2026-12073 CRITICAL 9.8 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and … Jun 30, 2026
CVE-2026-11367 MEDIUM 6.5 The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the move_image_on_server … Jun 30, 2026
CVE-2026-14160 MEDIUM 5.9 Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d. Jun 30, 2026
CVE-2026-12114 MEDIUM 4.4 The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up … Jun 30, 2026
CVE-2026-58302 HIGH 8.4 rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a … Jun 30, 2026
CVE-2026-12243 HIGH 7.5 NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks … Jun 30, 2026
CVE-2026-8023 HIGH 7.5 Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured root directory. Before this … Jun 29, 2026
CVE-2026-7656 HIGH 8.1 The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 … Jun 29, 2026
CVE-2026-51219 MEDIUM 6.5 A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted … Jun 29, 2026
CVE-2026-51218 MEDIUM 6.5 A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet. Jun 29, 2026
CVE-2026-10648 MEDIUM 6.2 mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before checking it for NULL. smp_packet_alloc() uses net_buf_alloc(K_NO_WAIT) against the shared MCUmgr packet pool (CONFIG_MCUMGR_TRANSPORT_NETBUF_COUNT, … Jun 29, 2026
CVE-2026-57997 MEDIUM 4.8 Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing … Jun 29, 2026
CVE-2026-51221 HIGH 7.5 A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via supplying a crafted … Jun 29, 2026
CVE-2026-34592 HIGH 7.7 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to … Jun 29, 2026
CVE-2026-10647 MEDIUM 5.3 The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit callback cdc_ncm_send(). When the enqueue fails, the function still … Jun 29, 2026
CVE-2026-55957 HIGH 7.3 Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided … Jun 29, 2026
CVE-2026-55956 MEDIUM 6.5 Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of … Jun 29, 2026
CVE-2026-55955 MEDIUM 6.5 Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through … Jun 29, 2026
CVE-2026-55276 CRITICAL 9.1 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. … Jun 29, 2026
CVE-2026-53434 CRITICAL 9.1 Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 … Jun 29, 2026
CVE-2026-53404 HIGH 7.3 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were … Jun 29, 2026
CVE-2026-50229 MEDIUM 6.1 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache … Jun 29, 2026
CVE-2026-41896 HIGH 7.5 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manual_webhook_secret_github field, which … Jun 29, 2026