Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20328
Total
1466
Critical
6161
High
6456
Medium
CVE ID Severity Score Description Published
CVE-2022-4989 UNKNOWN ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access … Jul 03, 2026
CVE-2026-14327 HIGH 7.5 The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. … Jul 03, 2026
CVE-2026-12920 MEDIUM 4.9 The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in … Jul 03, 2026
CVE-2026-12734 MEDIUM 6.4 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute … Jul 03, 2026
CVE-2026-12731 MEDIUM 6.4 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' … Jul 03, 2026
CVE-2026-12729 MEDIUM 4.3 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and … Jul 03, 2026
CVE-2026-8247 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability … Jul 03, 2026
CVE-2026-55726 MEDIUM 5.3 The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device … Jul 03, 2026
CVE-2026-54477 MEDIUM 5.4 The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks. Jul 03, 2026
CVE-2026-13768 CRITICAL 10.0 Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns … Jul 03, 2026
CVE-2026-13728 UNKNOWN In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability … Jul 03, 2026
CVE-2026-13722 UNKNOWN WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to … Jul 03, 2026
CVE-2026-13384 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests … Jul 03, 2026
CVE-2026-13383 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests … Jul 03, 2026
CVE-2026-13377 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability … Jul 03, 2026
CVE-2026-13376 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is … Jul 03, 2026
CVE-2026-13375 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13374 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13373 UNKNOWN Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This … Jul 03, 2026
CVE-2026-13371 UNKNOWN An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which … Jul 03, 2026
CVE-2026-13368 UNKNOWN WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated … Jul 03, 2026
CVE-2026-13084 UNKNOWN A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted … Jul 03, 2026
CVE-2026-13079 UNKNOWN A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT … Jul 03, 2026
CVE-2026-13054 UNKNOWN A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. … Jul 03, 2026
CVE-2026-13053 UNKNOWN An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. … Jul 03, 2026