CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20328
Critical: 1466
High: 6161
Medium: 6456

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8927 | UNKNOWN | | When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if … | Jul 03, 2026 |
| CVE-2026-8926 | UNKNOWN | | When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username (without a password), like … | Jul 03, 2026 |
| CVE-2026-8925 | UNKNOWN | | The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it … | Jul 03, 2026 |
| CVE-2026-8924 | UNKNOWN | | A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables … | Jul 03, 2026 |
| CVE-2026-8458 | UNKNOWN | | libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl … | Jul 03, 2026 |
| CVE-2026-8286 | UNKNOWN | | A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration … | Jul 03, 2026 |
| CVE-2026-4967 | HIGH | 7.5 | In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with … | Jul 03, 2026 |
| CVE-2026-12064 | UNKNOWN | | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The … | Jul 03, 2026 |
| CVE-2026-11856 | UNKNOWN | | Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one … | Jul 03, 2026 |
| CVE-2026-11586 | UNKNOWN | | By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can … | Jul 03, 2026 |
| CVE-2026-11564 | UNKNOWN | | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that … | Jul 03, 2026 |
| CVE-2026-11352 | UNKNOWN | | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl … | Jul 03, 2026 |
| CVE-2026-10536 | UNKNOWN | | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the … | Jul 03, 2026 |
| CVE-2026-9725 | CRITICAL | 9.1 | The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 … | Jul 03, 2026 |
| CVE-2026-9626 | MEDIUM | 6.4 | The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the post_comment API endpoint in versions up … | Jul 03, 2026 |
| CVE-2026-9180 | MEDIUM | 5.3 | The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is … | Jul 03, 2026 |
| CVE-2026-8892 | MEDIUM | 6.4 | The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in … | Jul 03, 2026 |
| CVE-2026-8489 | MEDIUM | 6.4 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jul 03, 2026 |
| CVE-2026-14352 | HIGH | 7.5 | The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. … | Jul 03, 2026 |
| CVE-2026-13040 | HIGH | 7.2 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter in all versions up … | Jul 03, 2026 |
| CVE-2026-12557 | MEDIUM | 5.3 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due … | Jul 03, 2026 |
| CVE-2026-11397 | MEDIUM | 5.5 | The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url … | Jul 03, 2026 |
| CVE-2026-8921 | UNKNOWN | | External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a … | Jul 03, 2026 |
| CVE-2026-12960 | UNKNOWN | | An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent … | Jul 03, 2026 |
| CVE-2022-4990 | UNKNOWN | | ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass … | Jul 03, 2026 |