Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20560
Total
1471
Critical
6231
High
6522
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10643 | HIGH | 8.7 | Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen < pktinfo_len) before writing a full … | Jun 28, 2026 |
| CVE-2026-49416 | UNKNOWN | — | The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting … | Jun 27, 2026 |
| CVE-2026-49414 | UNKNOWN | — | The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As … | Jun 27, 2026 |
| CVE-2026-49417 | UNKNOWN | — | Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could … | Jun 27, 2026 |
| CVE-2026-49413 | UNKNOWN | — | The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at … | Jun 27, 2026 |
| CVE-2026-49412 | UNKNOWN | — | The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window … | Jun 27, 2026 |
| CVE-2026-45259 | UNKNOWN | — | sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability … | Jun 27, 2026 |
| CVE-2026-45258 | UNKNOWN | — | dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that … | Jun 27, 2026 |
| CVE-2026-9242 | MEDIUM | 5.3 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data … | Jun 27, 2026 |
| CVE-2026-9233 | MEDIUM | 4.3 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jun 27, 2026 |
| CVE-2026-3462 | MEDIUM | 6.5 | The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in … | Jun 27, 2026 |
| CVE-2026-13295 | MEDIUM | 6.4 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 … | Jun 27, 2026 |
| CVE-2026-12471 | MEDIUM | 4.3 | The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, … | Jun 27, 2026 |
| CVE-2026-12432 | MEDIUM | 5.3 | The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. … | Jun 27, 2026 |
| CVE-2026-12399 | MEDIUM | 4.4 | The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions … | Jun 27, 2026 |
| CVE-2026-11987 | MEDIUM | 4.3 | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference … | Jun 27, 2026 |
| CVE-2026-11783 | MEDIUM | 6.4 | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jun 27, 2026 |
| CVE-2026-11773 | MEDIUM | 4.3 | The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jun 27, 2026 |
| CVE-2026-11597 | MEDIUM | 6.4 | The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. … | Jun 27, 2026 |
| CVE-2026-11364 | MEDIUM | 4.3 | The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. … | Jun 27, 2026 |
| CVE-2026-9677 | UNKNOWN | — | The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML … | Jun 27, 2026 |
| CVE-2026-13245 | MEDIUM | 6.1 | The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, … | Jun 27, 2026 |
| CVE-2026-12404 | MEDIUM | 5.3 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This … | Jun 27, 2026 |
| CVE-2026-10820 | UNKNOWN | — | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user … | Jun 27, 2026 |
| CVE-2026-12415 | CRITICAL | 9.8 | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up … | Jun 27, 2026 |