Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-69133 | HIGH | 7.5 | Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. | Jul 02, 2026 |
| CVE-2025-69132 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions. | Jul 02, 2026 |
| CVE-2025-69094 | HIGH | 8.5 | Subscriber SQL Injection in Unicamp <= 2.2.2 versions. | Jul 02, 2026 |
| CVE-2025-66076 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions. | Jul 02, 2026 |
| CVE-2025-58902 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions. | Jul 02, 2026 |
| CVE-2026-54431 | UNKNOWN | — | In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step … | Jul 02, 2026 |
| CVE-2026-54430 | UNKNOWN | — | liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If … | Jul 02, 2026 |
| CVE-2026-9834 | HIGH | 7.2 | The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all … | Jul 02, 2026 |
| CVE-2026-9188 | MEDIUM | 5.3 | The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to … | Jul 02, 2026 |
| CVE-2026-9145 | MEDIUM | 6.5 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() function in versions up … | Jul 02, 2026 |
| CVE-2026-8482 | MEDIUM | 4.3 | A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible … | Jul 02, 2026 |
| CVE-2026-8441 | HIGH | 7.5 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up … | Jul 02, 2026 |
| CVE-2026-14336 | HIGH | 8.2 | PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a … | Jul 02, 2026 |
| CVE-2026-14029 | MEDIUM | 6.5 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up … | Jul 02, 2026 |
| CVE-2026-13459 | MEDIUM | 5.3 | The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is … | Jul 02, 2026 |
| CVE-2026-13369 | HIGH | 7.5 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and including, … | Jul 02, 2026 |
| CVE-2026-13252 | MEDIUM | 6.4 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting … | Jul 02, 2026 |
| CVE-2026-13251 | HIGH | 7.5 | The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it … | Jul 02, 2026 |
| CVE-2026-12657 | MEDIUM | 5.3 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, … | Jul 02, 2026 |
| CVE-2026-12472 | MEDIUM | 5.3 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Jul 02, 2026 |
| CVE-2026-12134 | MEDIUM | 4.3 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jul 02, 2026 |
| CVE-2026-12122 | MEDIUM | 5.3 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and … | Jul 02, 2026 |
| CVE-2026-11896 | MEDIUM | 5.3 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 … | Jul 02, 2026 |
| CVE-2026-10104 | MEDIUM | 4.4 | The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all versions up to, and including, … | Jul 02, 2026 |
| CVE-2026-9563 | HIGH | 7.5 | In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed … | Jul 02, 2026 |