Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537; Critical: 770; High: 3263; Medium: 3665

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6320 | HIGH | 7.5 | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is … | May 02, 2026 |
| CVE-2026-4790 | MEDIUM | 5.4 | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in … | May 02, 2026 |
| CVE-2026-4100 | HIGH | 7.1 | The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-4062 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-4061 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This … | May 02, 2026 |
| CVE-2026-4060 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This … | May 02, 2026 |
| CVE-2026-7627 | MEDIUM | 6.3 | A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such … | May 02, 2026 |
| CVE-2026-7612 | MEDIUM | 4.7 | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument … | May 02, 2026 |
| CVE-2026-7611 | LOW | 3.7 | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. … | May 02, 2026 |
| CVE-2026-7610 | LOW | 3.7 | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation … | May 02, 2026 |
| CVE-2026-7609 | MEDIUM | 6.3 | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component … | May 02, 2026 |
| CVE-2026-7491 | HIGH | 8.1 | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify … | May 02, 2026 |
| CVE-2026-7490 | HIGH | 7.2 | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling … | May 02, 2026 |
| CVE-2026-7489 | HIGH | 8.8 | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | May 02, 2026 |
| CVE-2026-5077 | MEDIUM | 5.4 | The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output … | May 02, 2026 |
| CVE-2026-7608 | MEDIUM | 5.5 | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The … | May 02, 2026 |
| CVE-2026-5324 | HIGH | 7.2 | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is … | May 02, 2026 |
| CVE-2026-4024 | MEDIUM | 5.3 | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX … | May 02, 2026 |
| CVE-2026-7649 | HIGH | 7.5 | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via … | May 02, 2026 |
| CVE-2026-7607 | HIGH | 8.8 | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The manipulation of the argument … | May 02, 2026 |
| CVE-2026-7606 | LOW | 3.7 | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | May 02, 2026 |
| CVE-2026-6457 | MEDIUM | 6.5 | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 … | May 02, 2026 |
| CVE-2026-6449 | MEDIUM | 5.3 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. … | May 02, 2026 |
| CVE-2026-6229 | HIGH | 7.2 | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient … | May 02, 2026 |
| CVE-2026-4650 | MEDIUM | 5.3 | The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing … | May 02, 2026 |