Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23329
Total
1657
Critical
7330
High
7410
Medium
CVE ID Severity Score Description Published
CVE-2026-14489 HIGH 8.8 The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions … Jul 08, 2026
CVE-2026-12153 CRITICAL 9.8 The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the … Jul 08, 2026
CVE-2026-12097 MEDIUM 5.3 The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin … Jul 08, 2026
CVE-2026-12041 MEDIUM 4.4 The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up … Jul 08, 2026
CVE-2026-11798 MEDIUM 6.1 The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateor_mastodon_share' parameter … Jul 08, 2026
CVE-2026-10570 MEDIUM 6.4 The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up … Jul 08, 2026
CVE-2026-9842 HIGH 7.5 The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due … Jul 08, 2026
CVE-2026-9701 CRITICAL 9.8 The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a … Jul 08, 2026
CVE-2026-14487 CRITICAL 9.1 The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all … Jul 08, 2026
CVE-2026-14482 HIGH 8.8 The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing … Jul 08, 2026
CVE-2026-14244 HIGH 7.5 The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter … Jul 08, 2026
CVE-2026-14158 HIGH 8.8 The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. … Jul 08, 2026
CVE-2026-60002 HIGH 7.7 ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on … Jul 08, 2026
CVE-2026-60001 MEDIUM 6.5 sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. Jul 08, 2026
CVE-2026-60000 LOW 3.7 sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for … Jul 08, 2026
CVE-2026-59999 MEDIUM 5.9 In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. Jul 08, 2026
CVE-2026-59998 MEDIUM 4.8 sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. Jul 08, 2026
CVE-2026-59997 MEDIUM 4.2 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have … Jul 08, 2026
CVE-2026-59996 MEDIUM 4.2 scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. Jul 08, 2026
CVE-2026-59995 MEDIUM 4.2 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. Jul 08, 2026
CVE-2026-56843 CRITICAL 9.9 Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because … Jul 08, 2026
CVE-2026-55438 MEDIUM 5.8 Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the … Jul 08, 2026
CVE-2026-55437 MEDIUM 5.4 Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component instantiated `ansi-to-html` without … Jul 08, 2026
CVE-2026-55436 HIGH 7.4 Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge … Jul 08, 2026
CVE-2026-55433 MEDIUM 5.4 Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route … Jul 08, 2026