Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 12651 | 850 | 3653 | 3967 |

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1620 | HIGH | 8.8 | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due … | Apr 16, 2026 |
| CVE-2026-1572 | MEDIUM | 6.4 | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions … | Apr 16, 2026 |
| CVE-2025-13364 | MEDIUM | 6.4 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions … | Apr 16, 2026 |
| CVE-2026-5050 | HIGH | 7.5 | The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, … | Apr 16, 2026 |
| CVE-2026-3773 | MEDIUM | 6.5 | The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, … | Apr 16, 2026 |
| CVE-2026-3614 | HIGH | 8.8 | The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability … | Apr 16, 2026 |
| CVE-2026-3599 | HIGH | 7.5 | The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint … | Apr 16, 2026 |
| CVE-2026-3596 | CRITICAL | 9.8 | The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated … | Apr 16, 2026 |
| CVE-2026-3595 | MEDIUM | 5.3 | The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the … | Apr 16, 2026 |
| CVE-2026-3581 | MEDIUM | 5.3 | The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the … | Apr 16, 2026 |
| CVE-2026-3551 | MEDIUM | 4.4 | The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and … | Apr 16, 2026 |
| CVE-2026-22619 | HIGH | 7.8 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with … | Apr 16, 2026 |
| CVE-2026-22618 | MEDIUM | 5.9 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users … | Apr 16, 2026 |
| CVE-2026-22617 | MEDIUM | 5.7 | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a … | Apr 16, 2026 |
| CVE-2026-40118 | MEDIUM | 6.3 | UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the … | Apr 16, 2026 |
| CVE-2026-22616 | MEDIUM | 6.5 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has … | Apr 16, 2026 |
| CVE-2026-22615 | MEDIUM | 6.0 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and … | Apr 16, 2026 |
| CVE-2023-5872 | MEDIUM | 4.3 | In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific … | Apr 16, 2026 |
| CVE-2023-3634 | HIGH | 8.8 | In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to … | Apr 16, 2026 |
| CVE-2026-5070 | MEDIUM | 6.4 | The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to … | Apr 16, 2026 |
| CVE-2026-4032 | MEDIUM | 6.1 | The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, … | Apr 16, 2026 |
| CVE-2026-3878 | MEDIUM | 6.4 | The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due … | Apr 16, 2026 |
| CVE-2026-6351 | HIGH | 7.5 | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. | Apr 16, 2026 |
| CVE-2026-6350 | CRITICAL | 9.8 | MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | Apr 16, 2026 |
| CVE-2026-6349 | UNKNOWN | — | The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the … | Apr 16, 2026 |