Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47214 | HIGH | 7.1 | Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI … | Jun 26, 2026 |
| CVE-2026-45195 | HIGH | 7.8 | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside … | Jun 26, 2026 |
| CVE-2026-44018 | MEDIUM | 5.5 | Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing … | Jun 26, 2026 |
| CVE-2026-21734 | HIGH | 7.7 | A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in … | Jun 26, 2026 |
| CVE-2026-12411 | HIGH | 8.4 | Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via … | Jun 26, 2026 |
| CVE-2026-0828 | HIGH | 7.5 | Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes. | Jun 26, 2026 |
| CVE-2026-0685 | CRITICAL | 9.8 | Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution … | Jun 26, 2026 |
| CVE-2025-11919 | CRITICAL | 9.6 | The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file … | Jun 26, 2026 |
| CVE-2023-20572 | UNKNOWN | — | An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the … | Jun 26, 2026 |
| CVE-2023-20540 | UNKNOWN | — | An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary … | Jun 26, 2026 |
| CVE-2026-9699 | MEDIUM | 6.8 | Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to … | Jun 26, 2026 |
| CVE-2026-57667 | HIGH | 8.5 | Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | Jun 26, 2026 |
| CVE-2026-57665 | MEDIUM | 5.3 | Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | Jun 26, 2026 |
| CVE-2026-57664 | MEDIUM | 4.3 | Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | Jun 26, 2026 |
| CVE-2026-57663 | HIGH | 8.5 | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | Jun 26, 2026 |
| CVE-2026-57662 | HIGH | 8.5 | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | Jun 26, 2026 |
| CVE-2026-57661 | MEDIUM | 5.4 | Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | Jun 26, 2026 |
| CVE-2026-57660 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. | Jun 26, 2026 |
| CVE-2026-57659 | HIGH | 8.8 | Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | Jun 26, 2026 |
| CVE-2026-57658 | CRITICAL | 9.1 | Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | Jun 26, 2026 |
| CVE-2026-57657 | MEDIUM | 4.3 | Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | Jun 26, 2026 |
| CVE-2026-57656 | MEDIUM | 5.9 | Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | Jun 26, 2026 |
| CVE-2026-57655 | HIGH | 8.2 | Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | Jun 26, 2026 |
| CVE-2026-57654 | MEDIUM | 6.5 | Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions. | Jun 26, 2026 |
| CVE-2026-57653 | HIGH | 8.5 | Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | Jun 26, 2026 |