Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10648
Total
723
Critical
3075
High
3393
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6001 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | May 12, 2026 |
| CVE-2026-5029 | UNKNOWN | — | A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without … | May 12, 2026 |
| CVE-2026-44412 | HIGH | 7.8 | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while … | May 12, 2026 |
| CVE-2026-44411 | HIGH | 7.8 | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while … | May 12, 2026 |
| CVE-2026-41551 | CRITICAL | 9.1 | A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. … | May 12, 2026 |
| CVE-2026-41125 | MEDIUM | 6.0 | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 … | May 12, 2026 |
| CVE-2026-33893 | HIGH | 7.5 | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter … | May 12, 2026 |
| CVE-2026-33862 | HIGH | 7.3 | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter … | May 12, 2026 |
| CVE-2026-27662 | HIGH | 7.7 | Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could … | May 12, 2026 |
| CVE-2026-25789 | HIGH | 7.1 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user … | May 12, 2026 |
| CVE-2026-25787 | CRITICAL | 9.1 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could … | May 12, 2026 |
| CVE-2026-25786 | CRITICAL | 9.1 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated … | May 12, 2026 |
| CVE-2026-22925 | HIGH | 7.5 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high … | May 12, 2026 |
| CVE-2026-22924 | CRITICAL | 9.1 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible … | May 12, 2026 |
| CVE-2026-1934 | MEDIUM | 4.3 | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up … | May 12, 2026 |
| CVE-2025-6577 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. … | May 12, 2026 |
| CVE-2025-40949 | CRITICAL | 9.1 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40948 | MEDIUM | 6.8 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40947 | HIGH | 7.5 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40946 | HIGH | 8.3 | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), … | May 12, 2026 |
| CVE-2025-40833 | HIGH | 7.5 | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service … | May 12, 2026 |
| CVE-2024-54017 | MEDIUM | 5.3 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All … | May 12, 2026 |
| CVE-2026-7661 | MEDIUM | 6.4 | The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This … | May 12, 2026 |
| CVE-2026-7659 | MEDIUM | 6.4 | The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-7626 | MEDIUM | 5.3 | The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the … | May 12, 2026 |