Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11202, Critical: 755, High: 3234, Medium: 3640
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3454 | MEDIUM | 6.5 | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing … | May 05, 2026 |
| CVE-2026-2729 | MEDIUM | 5.3 | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not … | May 05, 2026 |
| CVE-2026-7823 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable … | May 05, 2026 |
| CVE-2026-7822 | MEDIUM | 6.3 | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids … | May 05, 2026 |
| CVE-2026-7812 | HIGH | 7.3 | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP … | May 05, 2026 |
| CVE-2026-7811 | HIGH | 7.3 | A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component … | May 05, 2026 |
| CVE-2026-4362 | MEDIUM | 6.5 | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in … | May 05, 2026 |
| CVE-2026-7810 | HIGH | 7.3 | A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. … | May 05, 2026 |
| CVE-2026-5957 | MEDIUM | 6.5 | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed … | May 05, 2026 |
| CVE-2026-5294 | CRITICAL | 9.8 | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX … | May 05, 2026 |
| CVE-2026-5159 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up … | May 05, 2026 |
| CVE-2026-4803 | HIGH | 7.2 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions … | May 05, 2026 |
| CVE-2026-4665 | MEDIUM | 6.4 | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, … | May 05, 2026 |
| CVE-2026-3456 | HIGH | 7.5 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in … | May 05, 2026 |
| CVE-2026-35228 | HIGH | 8.7 | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. … | May 05, 2026 |
| CVE-2026-2948 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, … | May 05, 2026 |
| CVE-2026-6704 | MEDIUM | 6.1 | The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This … | May 05, 2026 |
| CVE-2026-6702 | MEDIUM | 6.1 | The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to … | May 05, 2026 |
| CVE-2026-6701 | MEDIUM | 4.3 | The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or … | May 05, 2026 |
| CVE-2026-6700 | MEDIUM | 4.3 | The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing … | May 05, 2026 |
| CVE-2026-6696 | MEDIUM | 6.1 | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin … | May 05, 2026 |
| CVE-2026-6255 | MEDIUM | 6.4 | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up … | May 05, 2026 |
| CVE-2026-5505 | MEDIUM | 6.4 | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This … | May 05, 2026 |
| CVE-2026-5247 | MEDIUM | 5.5 | The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in … | May 05, 2026 |
| CVE-2026-5100 | HIGH | 7.5 | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due … | May 05, 2026 |