Total CVEs

143,126

Critical Severity

4,045

High Severity

14,563

Last 7 Days

1,262
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 21 - 40 of 39,531 CVEs
CVE-2026-9253 HIGH - 7.2

The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it pos...

Published: Jul 09, 2026
Source: NVD
CVE-2026-15182 MEDIUM - 5.3

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the pub...

Vendor: GNU
Product: LibreDWG
Published: Jul 09, 2026
Source: NVD
CVE-2026-9240 MEDIUM - 4.3

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod() function (registered to the wp_ajax_lpc_order_affect AJAX action) in versions up to, and including, ...

Published: Jul 09, 2026
Source: NVD
CVE-2026-9237 MEDIUM - 4.3

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authent...

Published: Jul 09, 2026
Source: NVD
CVE-2026-9235 MEDIUM - 4.3

The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the create_label() and delete_label() functions in versions up to, and including, 2.2.3. These functions ar...

Published: Jul 09, 2026
Source: NVD
CVE-2026-9028 MEDIUM - 5.3

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to c...

Published: Jul 09, 2026
Source: NVD
CVE-2026-9027 MEDIUM - 5.3

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The `corvuspay_success_handler` function registers the REST endpoint `POST /wp-json/corvuspay/success/` wit...

Published: Jul 09, 2026
Source: NVD
CVE-2026-9021 MEDIUM - 5.3

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easy_invoice_accept_quote and easy_invoice_decline_quote AJAX actions via wp_ajax_nopriv_ hooks and relying solely on a quote-scoped nonce ...

Published: Jul 09, 2026
Source: NVD
CVE-2026-59692 HIGH - 7.5

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an over...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 09, 2026
Source: NVD
CVE-2026-59691 HIGH - 7.1

A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 09, 2026
Source: NVD
CVE-2026-58307 MEDIUM - 6.1

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.

Vendor: Samsung Open Source
Product: Escargot
Published: Jul 09, 2026
Source: NVD
CVE-2026-58306 MEDIUM - 6.1

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98.

Vendor: Samsung Open Source
Product: Escargot
Published: Jul 09, 2026
Source: NVD
CVE-2026-58305 MEDIUM - 6.1

Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.

Vendor: Samsung Open Source
Product: Escargot
Published: Jul 09, 2026
Source: NVD
CVE-2026-58304 MEDIUM - 6.1

Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.

Vendor: Samsung Open Source
Product: Escargot
Published: Jul 09, 2026
Source: NVD
CVE-2026-58303 MEDIUM - 6.1

Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e.

Vendor: Samsung Open Source
Product: Escargot
Published: Jul 09, 2026
Source: NVD

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Vendor: balbooa.com
Product: balbooa.com Balbooa Forms extension for Joomla
Published: Jul 09, 2026
Source: NVD

GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

Vendor: GNU
Product: patch
Published: Jul 09, 2026
Source: NVD

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer ...

Vendor: GNU
Product: patch
Published: Jul 09, 2026
Source: NVD

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another use...

Vendor: SOPlanning
Product: SOPlanning
Published: Jul 09, 2026
Source: NVD
CVE-2026-4298 MEDIUM - 4.3

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plug...

Published: Jul 09, 2026
Source: NVD