Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-33255 | HIGH | 7.5 | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability … | May 20, 2026 |
| CVE-2025-15369 | MEDIUM | 5.3 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on … | May 20, 2026 |
| CVE-2026-8685 | MEDIUM | 6.5 | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. … | May 20, 2026 |
| CVE-2026-8627 | MEDIUM | 6.1 | The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is … | May 20, 2026 |
| CVE-2026-8626 | MEDIUM | 6.1 | The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient … | May 20, 2026 |
| CVE-2026-8624 | MEDIUM | 6.1 | The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 … | May 20, 2026 |
| CVE-2026-8610 | MEDIUM | 4.3 | The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to … | May 20, 2026 |
| CVE-2026-8424 | MEDIUM | 4.3 | The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to … | May 20, 2026 |
| CVE-2026-8423 | MEDIUM | 4.3 | The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due … | May 20, 2026 |
| CVE-2026-8420 | MEDIUM | 6.1 | The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to … | May 20, 2026 |
| CVE-2026-8419 | MEDIUM | 4.3 | The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing … | May 20, 2026 |
| CVE-2026-8418 | MEDIUM | 4.3 | The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or … | May 20, 2026 |
| CVE-2026-8038 | MEDIUM | 6.4 | The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions … | May 20, 2026 |
| CVE-2026-7472 | MEDIUM | 4.9 | The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and … | May 20, 2026 |
| CVE-2026-7467 | HIGH | 8.8 | The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to … | May 20, 2026 |
| CVE-2026-7462 | MEDIUM | 6.1 | The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. … | May 20, 2026 |
| CVE-2026-7284 | CRITICAL | 9.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up … | May 20, 2026 |
| CVE-2026-6555 | CRITICAL | 9.8 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an … | May 20, 2026 |
| CVE-2026-6549 | MEDIUM | 6.4 | The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the `vc_enamad_namad`, `vc_enamad_shamed`, and `vc_enamad_custom` shortcodes … | May 20, 2026 |
| CVE-2026-6456 | HIGH | 8.8 | The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` … | May 20, 2026 |
| CVE-2026-6452 | MEDIUM | 4.3 | The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing … | May 20, 2026 |
| CVE-2026-6404 | MEDIUM | 4.4 | The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to … | May 20, 2026 |
| CVE-2026-6401 | MEDIUM | 4.3 | The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing … | May 20, 2026 |
| CVE-2026-6400 | MEDIUM | 4.3 | The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is … | May 20, 2026 |
| CVE-2026-6399 | MEDIUM | 4.4 | The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use … | May 20, 2026 |