Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10648 | Critical: 723 | High: 3075 | Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35071 | HIGH | 8.2 | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high … | May 12, 2026 |
| CVE-2026-33603 | MEDIUM | 6.8 | Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able … | May 12, 2026 |
| CVE-2026-27851 | HIGH | 7.4 | When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to … | May 12, 2026 |
| CVE-2025-12659 | UNKNOWN | — | The affected applications contain a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context … | May 12, 2026 |
| CVE-2026-4827 | UNKNOWN | — | CWE-331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session-management protections. | May 12, 2026 |
| CVE-2026-45218 | HIGH | 7.7 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-45215 | MEDIUM | 5.3 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a … | May 12, 2026 |
| CVE-2026-45214 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-45213 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection. This issue affects BEAR: from … | May 12, 2026 |
| CVE-2026-45212 | MEDIUM | 5.3 | Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page … | May 12, 2026 |
| CVE-2026-45211 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection. This … | May 12, 2026 |
| CVE-2026-45210 | MEDIUM | 5.4 | Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Broadstreet Ads: from n/a through <= 1.52.2. | May 12, 2026 |
| CVE-2026-42742 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection. This issue affects … | May 12, 2026 |
| CVE-2026-42741 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions … | May 12, 2026 |
| CVE-2026-41713 | HIGH | 8.2 | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the … | May 12, 2026 |
| CVE-2026-41712 | HIGH | 7.5 | Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users. | May 12, 2026 |
| CVE-2026-32684 | LOW | 2.9 | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. | May 12, 2026 |
| CVE-2026-2465 | HIGH | 8.8 | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affects … | May 12, 2026 |
| CVE-2026-8162 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter … | May 12, 2026 |
| CVE-2026-8161 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with … | May 12, 2026 |
| CVE-2026-8159 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with … | May 12, 2026 |
| CVE-2026-8072 | UNKNOWN | — | Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access … | May 12, 2026 |
| CVE-2026-7428 | UNKNOWN | — | Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password … | May 12, 2026 |
| CVE-2026-6813 | MEDIUM | 4.4 | The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient … | May 12, 2026 |
| CVE-2026-6800 | MEDIUM | 4.4 | The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient … | May 12, 2026 |