Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20679
Total
1492
Critical
6280
High
6554
Medium
CVE ID Severity Score Description Published
CVE-2026-47214 HIGH 7.1 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI … Jun 26, 2026
CVE-2026-45195 HIGH 7.8 Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside … Jun 26, 2026
CVE-2026-44018 MEDIUM 5.5 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing … Jun 26, 2026
CVE-2026-21734 HIGH 7.7 A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in … Jun 26, 2026
CVE-2026-12411 HIGH 8.4 Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via … Jun 26, 2026
CVE-2026-0828 HIGH 7.5 Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes. Jun 26, 2026
CVE-2026-0685 CRITICAL 9.8 Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution … Jun 26, 2026
CVE-2025-11919 CRITICAL 9.6 The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file … Jun 26, 2026
CVE-2023-20572 UNKNOWN An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the … Jun 26, 2026
CVE-2023-20540 UNKNOWN An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary … Jun 26, 2026
CVE-2026-9699 MEDIUM 6.8 Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to … Jun 26, 2026
CVE-2026-57667 HIGH 8.5 Sales Representative SQL Injection in Groundhogg <= 4.5 versions. Jun 26, 2026
CVE-2026-57665 MEDIUM 5.3 Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. Jun 26, 2026
CVE-2026-57664 MEDIUM 4.3 Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. Jun 26, 2026
CVE-2026-57663 HIGH 8.5 Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. Jun 26, 2026
CVE-2026-57662 HIGH 8.5 Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. Jun 26, 2026
CVE-2026-57661 MEDIUM 5.4 Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. Jun 26, 2026
CVE-2026-57660 MEDIUM 5.3 Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. Jun 26, 2026
CVE-2026-57659 HIGH 8.8 Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. Jun 26, 2026
CVE-2026-57658 CRITICAL 9.1 Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. Jun 26, 2026
CVE-2026-57657 MEDIUM 4.3 Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. Jun 26, 2026
CVE-2026-57656 MEDIUM 5.9 Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. Jun 26, 2026
CVE-2026-57655 HIGH 8.2 Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. Jun 26, 2026
CVE-2026-57654 MEDIUM 6.5 Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions. Jun 26, 2026
CVE-2026-57653 HIGH 8.5 Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. Jun 26, 2026