cve.li

Recent

CVE-2026-44612CWE-427

Published 2026-05-13 by jpcert

CVE-2025-11159CWE-1395

Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Published 2026-05-13 by HITVAN

CVE-2026-2725CWE-863

Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

Published 2026-05-13 by Google

CVE-2026-6965CWE-639

Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

Published 2026-05-13 by Wordfence

CVE-2025-14033CWE-639

ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

Published 2026-05-13 by Wordfence

CVE-2026-6929CWE-89

JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter

Published 2026-05-13 by Wordfence

CVE-2026-32661CWE-121

Published 2026-05-13 by jpcert

CVE-2026-21024

Published 2026-05-13 by SamsungMobile

CVE-2026-21022

Published 2026-05-13 by SamsungMobile

CVE-2026-21021

Published 2026-05-13 by SamsungMobile

CVE-2026-21020

Published 2026-05-13 by SamsungMobile

CVE-2026-21019

Published 2026-05-13 by SamsungMobile

CVE-2026-21018

Published 2026-05-13 by SamsungMobile

CVE-2026-21016

Published 2026-05-13 by SamsungMobile

CVE-2026-21015

Published 2026-05-13 by SamsungMobile

CVE-2025-9989CWE-79

Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Published 2026-05-13 by Wordfence

CVE-2026-7051CWE-862

Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

Published 2026-05-13 by Wordfence

CVE-2026-6828CWE-79

Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute

Published 2026-05-13 by Wordfence

CVE-2025-9987CWE-200

Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

Published 2026-05-13 by Wordfence

CVE-2026-6962CWE-79

Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published 2026-05-13 by Wordfence

CVE-2026-7619CWE-89

Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

Published 2026-05-13 by Wordfence

CVE-2026-7635CWE-502

coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field

Published 2026-05-13 by Wordfence

CVE-2025-9988CWE-285

Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation

Published 2026-05-13 by Wordfence

CVE-2025-14755CWE-862

Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

Published 2026-05-13 by Wordfence

CVE-2026-6888

SQL Injection Vulnerability

Published 2026-05-13 by CSA

CVE-2024-36315CWE-693

Published 2026-05-13 by AMD

CVE-2025-61972CWE-1233

Published 2026-05-13 by AMD

CVE-2025-61971CWE-1233

Published 2026-05-13 by AMD

CVE-2025-62627CWE-822

Published 2026-05-13 by AMD

CVE-2025-62624CWE-122

Published 2026-05-13 by AMD

CVE-2025-62623CWE-119

Published 2026-05-13 by AMD

CVE-2026-8202CWE-770

Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Published 2026-05-13 by mongodb

CVE-2026-8336CWE-416

Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

Published 2026-05-13 by mongodb

CVE-2026-8201CWE-416

Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

Published 2026-05-13 by mongodb

CVE-2026-8200CWE-532

Schema validation log messages may not redact user data

Published 2026-05-13 by mongodb

CVE-2026-8199CWE-1325

Post-auth memory exhaustion via bitwise match expressions

Published 2026-05-13 by mongodb

CVE-2026-8053CWE-787

FlatBSON Duplicate Field Index Drift

Published 2026-05-12 by mongodb

CVE-2026-42158CWE-284

Flowsint: Broken Access Control allows modification of investigation metadata from any user

Published 2026-05-12 by GitHub_M

CVE-2026-42156CWE-943

Flowsint: Cypher query injection in node type on node creation

Published 2026-05-12 by GitHub_M

CVE-2026-42157CWE-79

Flowsint: Stored XSS on map node marker in map page

Published 2026-05-12 by GitHub_M

CVE-2026-44352CWE-284

Flowsint: Broken Access Control allows reading of sketch logs from any user

Published 2026-05-12 by GitHub_M

CVE-2026-44245CWE-79

Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component

Published 2026-05-12 by GitHub_M

CVE-2026-44347CWE-352

Warpgate: SSO CSRF -- State Token Not Validated on Return

Published 2026-05-12 by GitHub_M

CVE-2026-44341CWE-284CWE-639

GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

Published 2026-05-12 by GitHub_M

CVE-2026-41901CWE-917CWE-1336

Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions

Published 2026-05-12 by GitHub_M

CVE-2026-44548CWE-352CWE-650

ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)

Published 2026-05-12 by GitHub_M

CVE-2026-44547CWE-287CWE-304

ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2

Published 2026-05-12 by GitHub_M

CVE-2026-8108CWE-749

Fuji Electric Tellus Exposed Dangerous Method or Function

Published 2026-05-12 by icscert

CVE-2026-42288CWE-94

ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD

Published 2026-05-12 by GitHub_M

CVE-2026-43680

Published 2026-05-12 by apple

Load more ↓