Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20560
Total
1471
Critical
6231
High
6522
Medium
CVE ID Severity Score Description Published
CVE-2026-10643 HIGH 8.7 Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen < pktinfo_len) before writing a full … Jun 28, 2026
CVE-2026-49416 UNKNOWN The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting … Jun 27, 2026
CVE-2026-49414 UNKNOWN The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As … Jun 27, 2026
CVE-2026-49417 UNKNOWN Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could … Jun 27, 2026
CVE-2026-49413 UNKNOWN The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at … Jun 27, 2026
CVE-2026-49412 UNKNOWN The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window … Jun 27, 2026
CVE-2026-45259 UNKNOWN sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability … Jun 27, 2026
CVE-2026-45258 UNKNOWN dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that … Jun 27, 2026
CVE-2026-9242 MEDIUM 5.3 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data … Jun 27, 2026
CVE-2026-9233 MEDIUM 4.3 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, … Jun 27, 2026
CVE-2026-3462 MEDIUM 6.5 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in … Jun 27, 2026
CVE-2026-13295 MEDIUM 6.4 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 … Jun 27, 2026
CVE-2026-12471 MEDIUM 4.3 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, … Jun 27, 2026
CVE-2026-12432 MEDIUM 5.3 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. … Jun 27, 2026
CVE-2026-12399 MEDIUM 4.4 The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions … Jun 27, 2026
CVE-2026-11987 MEDIUM 4.3 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference … Jun 27, 2026
CVE-2026-11783 MEDIUM 6.4 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … Jun 27, 2026
CVE-2026-11773 MEDIUM 4.3 The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … Jun 27, 2026
CVE-2026-11597 MEDIUM 6.4 The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. … Jun 27, 2026
CVE-2026-11364 MEDIUM 4.3 The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. … Jun 27, 2026
CVE-2026-9677 UNKNOWN The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML … Jun 27, 2026
CVE-2026-13245 MEDIUM 6.1 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, … Jun 27, 2026
CVE-2026-12404 MEDIUM 5.3 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This … Jun 27, 2026
CVE-2026-10820 UNKNOWN The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user … Jun 27, 2026
CVE-2026-12415 CRITICAL 9.8 The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up … Jun 27, 2026