Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23830
Total
1706
Critical
7474
High
7609
Medium
CVE ID Severity Score Description Published
CVE-2026-12224 HIGH 8.8 The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is … Jul 01, 2026
CVE-2026-12158 HIGH 8.8 The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This … Jul 01, 2026
CVE-2026-11387 CRITICAL 9.8 The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account … Jul 01, 2026
CVE-2026-10540 MEDIUM 5.6 The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an … Jul 01, 2026
CVE-2026-10539 CRITICAL 9.0 A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized … Jul 01, 2026
CVE-2026-10538 HIGH 8.0 Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions … Jul 01, 2026
CVE-2026-10096 MEDIUM 4.3 The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' parameter … Jul 01, 2026
CVE-2026-1239 HIGH 7.5 The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a … Jul 01, 2026
CVE-2026-14193 HIGH 7.5 DVP80ES300T with Improper Validation of Array Index Vulnerability Jul 01, 2026
CVE-2026-12579 HIGH 7.4 AS228T with Authentication Bypass Vulnerability Jul 01, 2026
CVE-2026-11887 MEDIUM 4.3 The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such … Jul 01, 2026
CVE-2026-11883 HIGH 7.2 The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a … Jul 01, 2026
CVE-2026-11880 LOW 3.1 The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account … Jul 01, 2026
CVE-2026-11823 HIGH 7.5 The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assign_staffmember_to_slots() function in versions up to … Jul 01, 2026
CVE-2026-11794 HIGH 8.1 The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a … Jul 01, 2026
CVE-2026-11570 MEDIUM 4.2 The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a … Jul 01, 2026
CVE-2026-11568 HIGH 7.5 The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public … Jul 01, 2026
CVE-2026-11562 MEDIUM 4.3 The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level … Jul 01, 2026
CVE-2026-10750 HIGH 8.1 The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users … Jul 01, 2026
CVE-2025-15666 MEDIUM 5.3 A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the … Jul 01, 2026
CVE-2026-9107 MEDIUM 6.4 The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions … Jul 01, 2026
CVE-2026-7840 CRITICAL 9.8 UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied … Jul 01, 2026
CVE-2026-7839 CRITICAL 9.1 UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater … Jul 01, 2026
CVE-2026-7838 HIGH 8.8 UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte … Jul 01, 2026
CVE-2026-7831 HIGH 7.6 UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 … Jul 01, 2026