Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22332
Total
1596
Critical
6832
High
7160
Medium
CVE ID Severity Score Description Published
CVE-2026-57380 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for … Jul 13, 2026
CVE-2026-57379 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through <= … Jul 13, 2026
CVE-2026-57378 HIGH 7.5 Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= … Jul 13, 2026
CVE-2026-57377 MEDIUM 6.5 Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.8. Jul 13, 2026
CVE-2026-57376 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader … Jul 13, 2026
CVE-2026-57375 MEDIUM 6.5 Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4. Jul 13, 2026
CVE-2026-57372 HIGH 7.2 Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0. Jul 13, 2026
CVE-2026-57371 HIGH 8.8 Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0. Jul 13, 2026
CVE-2026-57369 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a … Jul 13, 2026
CVE-2026-57368 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= … Jul 13, 2026
CVE-2026-57365 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 &amp; v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This … Jul 13, 2026
CVE-2026-57364 MEDIUM 6.5 Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More better-payment allows Accessing Functionality … Jul 13, 2026
CVE-2026-57363 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= … Jul 13, 2026
CVE-2026-49876 MEDIUM 6.5 Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache … Jul 13, 2026
CVE-2026-41041 CRITICAL 9.1 URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade … Jul 13, 2026
CVE-2026-22103 UNKNOWN The NPC start endpoint on the web server at port 8090 is vulnerable to command injection. Jul 13, 2026
CVE-2026-22102 UNKNOWN A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in … Jul 13, 2026
CVE-2026-22100 UNKNOWN The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root. Jul 13, 2026
CVE-2026-22099 UNKNOWN The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a … Jul 13, 2026
CVE-2026-22098 UNKNOWN Various sensitive information such as passwords and charging card UIDs are written to log files. Jul 13, 2026
CVE-2026-22097 UNKNOWN The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which … Jul 13, 2026
CVE-2026-22096 UNKNOWN The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different … Jul 13, 2026
CVE-2026-22095 UNKNOWN The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection. Jul 13, 2026
CVE-2026-22093 UNKNOWN The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on … Jul 13, 2026
CVE-2026-15557 HIGH 7.3 A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the … Jul 13, 2026