Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-14489 | HIGH | 8.8 | The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions … | Jul 08, 2026 |
| CVE-2026-12153 | CRITICAL | 9.8 | The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the … | Jul 08, 2026 |
| CVE-2026-12097 | MEDIUM | 5.3 | The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin … | Jul 08, 2026 |
| CVE-2026-12041 | MEDIUM | 4.4 | The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up … | Jul 08, 2026 |
| CVE-2026-11798 | MEDIUM | 6.1 | The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateor_mastodon_share' parameter … | Jul 08, 2026 |
| CVE-2026-10570 | MEDIUM | 6.4 | The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up … | Jul 08, 2026 |
| CVE-2026-9842 | HIGH | 7.5 | The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due … | Jul 08, 2026 |
| CVE-2026-9701 | CRITICAL | 9.8 | The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a … | Jul 08, 2026 |
| CVE-2026-14487 | CRITICAL | 9.1 | The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all … | Jul 08, 2026 |
| CVE-2026-14482 | HIGH | 8.8 | The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing … | Jul 08, 2026 |
| CVE-2026-14244 | HIGH | 7.5 | The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter … | Jul 08, 2026 |
| CVE-2026-14158 | HIGH | 8.8 | The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. … | Jul 08, 2026 |
| CVE-2026-60002 | HIGH | 7.7 | ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on … | Jul 08, 2026 |
| CVE-2026-60001 | MEDIUM | 6.5 | sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. | Jul 08, 2026 |
| CVE-2026-60000 | LOW | 3.7 | sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for … | Jul 08, 2026 |
| CVE-2026-59999 | MEDIUM | 5.9 | In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. | Jul 08, 2026 |
| CVE-2026-59998 | MEDIUM | 4.8 | sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. | Jul 08, 2026 |
| CVE-2026-59997 | MEDIUM | 4.2 | internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have … | Jul 08, 2026 |
| CVE-2026-59996 | MEDIUM | 4.2 | scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. | Jul 08, 2026 |
| CVE-2026-59995 | MEDIUM | 4.2 | sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. | Jul 08, 2026 |
| CVE-2026-56843 | CRITICAL | 9.9 | Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because … | Jul 08, 2026 |
| CVE-2026-55438 | MEDIUM | 5.8 | Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the … | Jul 08, 2026 |
| CVE-2026-55437 | MEDIUM | 5.4 | Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component instantiated `ansi-to-html` without … | Jul 08, 2026 |
| CVE-2026-55436 | HIGH | 7.4 | Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge … | Jul 08, 2026 |
| CVE-2026-55433 | MEDIUM | 5.4 | Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route … | Jul 08, 2026 |