Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-25608 | UNKNOWN | — | STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such … | May 22, 2026 |
| CVE-2026-25607 | UNKNOWN | — | Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known … | May 22, 2026 |
| CVE-2026-25606 | UNKNOWN | — | A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. … | May 22, 2026 |
| CVE-2026-9011 | HIGH | 7.5 | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. … | May 22, 2026 |
| CVE-2026-8692 | MEDIUM | 4.3 | The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all … | May 22, 2026 |
| CVE-2026-8684 | MEDIUM | 5.3 | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the … | May 22, 2026 |
| CVE-2026-8679 | HIGH | 7.5 | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() … | May 22, 2026 |
| CVE-2026-8381 | MEDIUM | 5.4 | A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, … | May 22, 2026 |
| CVE-2026-7798 | MEDIUM | 5.4 | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery … | May 22, 2026 |
| CVE-2026-7636 | MEDIUM | 4.3 | The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and … | May 22, 2026 |
| CVE-2026-7615 | MEDIUM | 4.3 | The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing … | May 22, 2026 |
| CVE-2026-5072 | UNKNOWN | — | A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted … | May 22, 2026 |
| CVE-2026-9104 | MEDIUM | 6.4 | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due … | May 22, 2026 |
| CVE-2026-9018 | HIGH | 8.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, … | May 22, 2026 |
| CVE-2026-7509 | MEDIUM | 6.4 | The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up … | May 22, 2026 |
| CVE-2026-7249 | MEDIUM | 4.3 | The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_update_block_options()` and `lwp_clean_weather_transients()` functions in … | May 22, 2026 |
| CVE-2026-6864 | MEDIUM | 6.1 | The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, … | May 22, 2026 |
| CVE-2026-4070 | MEDIUM | 4.3 | The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due … | May 22, 2026 |
| CVE-2026-44409 | MEDIUM | 5.7 | There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, … | May 22, 2026 |
| CVE-2026-3481 | MEDIUM | 6.1 | The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This … | May 22, 2026 |
| CVE-2026-2518 | MEDIUM | 4.3 | The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultp_install_callback' and 'ultp_activate_callback' functions … | May 22, 2026 |
| CVE-2026-9054 | UNKNOWN | — | An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic. | May 22, 2026 |
| CVE-2026-9053 | UNKNOWN | — | Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default … | May 22, 2026 |
| CVE-2026-4834 | HIGH | 7.5 | The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This … | May 22, 2026 |
| CVE-2026-46598 | UNKNOWN | — | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. | May 22, 2026 |