Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13465
Total
886
Critical
3905
High
4244
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2016-20059 | HIGH | 7.8 | IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can … | Apr 04, 2026 |
| CVE-2016-20058 | HIGH | 7.8 | Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers … | Apr 04, 2026 |
| CVE-2016-20057 | HIGH | 7.8 | NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the … | Apr 04, 2026 |
| CVE-2016-20056 | HIGH | 7.8 | Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting … | Apr 04, 2026 |
| CVE-2016-20055 | HIGH | 7.8 | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a … | Apr 04, 2026 |
| CVE-2016-20053 | MEDIUM | 5.3 | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious … | Apr 04, 2026 |
| CVE-2016-20052 | CRITICAL | 9.8 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers … | Apr 04, 2026 |
| CVE-2016-20051 | MEDIUM | 5.3 | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can … | Apr 04, 2026 |
| CVE-2016-20050 | MEDIUM | 6.2 | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input … | Apr 04, 2026 |
| CVE-2026-3666 | HIGH | 8.8 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a … | Apr 04, 2026 |
| CVE-2026-3309 | MEDIUM | 6.5 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode … | Apr 04, 2026 |
| CVE-2026-2936 | HIGH | 7.2 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and … | Apr 04, 2026 |
| CVE-2026-1233 | HIGH | 7.5 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and … | Apr 04, 2026 |
| CVE-2026-0626 | MEDIUM | 6.4 | The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting … | Apr 04, 2026 |
| CVE-2025-14938 | MEDIUM | 5.3 | The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. … | Apr 04, 2026 |
| CVE-2026-5425 | HIGH | 7.2 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, … | Apr 04, 2026 |
| CVE-2026-3445 | HIGH | 7.1 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership … | Apr 04, 2026 |
| CVE-2026-2826 | MEDIUM | 4.3 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Apr 04, 2026 |
| CVE-2026-2437 | MEDIUM | 6.4 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' … | Apr 04, 2026 |
| CVE-2026-4896 | HIGH | 8.1 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | Apr 04, 2026 |
| CVE-2026-2600 | MEDIUM | 6.4 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simple Tab widget in … | Apr 04, 2026 |
| CVE-2026-0738 | MEDIUM | 6.4 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, … | Apr 04, 2026 |
| CVE-2026-0737 | MEDIUM | 6.4 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This … | Apr 04, 2026 |
| CVE-2026-0664 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, … | Apr 04, 2026 |
| CVE-2026-0552 | MEDIUM | 6.4 | The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_display_product' shortcode in all versions up to, and including, … | Apr 04, 2026 |