Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10557, Critical: 721, High: 3059, Medium: 3365
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8388 | MEDIUM | 6.5 | Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | May 12, 2026 |
| CVE-2026-6865 | UNKNOWN | — | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is … | May 12, 2026 |
| CVE-2026-45091 | CRITICAL | 9.1 | sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal … | May 12, 2026 |
| CVE-2026-43930 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race … | May 12, 2026 |
| CVE-2026-43916 | UNKNOWN | — | pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp … | May 12, 2026 |
| CVE-2026-42006 | MEDIUM | 4.3 | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, … | May 12, 2026 |
| CVE-2026-40638 | MEDIUM | 6.7 | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this … | May 12, 2026 |
| CVE-2026-40020 | LOW | 3.1 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed … | May 12, 2026 |
| CVE-2026-40016 | MEDIUM | 5.3 | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of … | May 12, 2026 |
| CVE-2026-35071 | HIGH | 8.2 | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high … | May 12, 2026 |
| CVE-2026-33603 | MEDIUM | 6.8 | Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able … | May 12, 2026 |
| CVE-2026-27851 | HIGH | 7.4 | When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to … | May 12, 2026 |
| CVE-2025-12659 | UNKNOWN | — | The affected applications contain a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context … | May 12, 2026 |
| CVE-2026-4827 | UNKNOWN | — | CWE-331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session-management protections. | May 12, 2026 |
| CVE-2026-45218 | HIGH | 7.7 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-45215 | MEDIUM | 5.3 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a … | May 12, 2026 |
| CVE-2026-45214 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-45213 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection. This issue affects BEAR: from … | May 12, 2026 |
| CVE-2026-45212 | MEDIUM | 5.3 | Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page … | May 12, 2026 |
| CVE-2026-45211 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection. This … | May 12, 2026 |
| CVE-2026-45210 | MEDIUM | 5.4 | Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Broadstreet Ads: from n/a through <= 1.52.2. | May 12, 2026 |
| CVE-2026-42742 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-42741 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions … | May 12, 2026 |
| CVE-2026-41713 | HIGH | 8.2 | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the … | May 12, 2026 |
| CVE-2026-41712 | HIGH | 7.5 | Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users. | May 12, 2026 |