Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13010 | MEDIUM | 6.5 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute … | Jul 10, 2026 |
| CVE-2026-12918 | MEDIUM | 4.9 | The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter … | Jul 10, 2026 |
| CVE-2026-11990 | MEDIUM | 5.3 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. … | Jul 10, 2026 |
| CVE-2026-9838 | MEDIUM | 6.1 | The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due … | Jul 10, 2026 |
| CVE-2026-6802 | MEDIUM | 5.3 | The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due … | Jul 10, 2026 |
| CVE-2026-6440 | MEDIUM | 4.3 | The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to … | Jul 10, 2026 |
| CVE-2026-3907 | MEDIUM | 6.4 | The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is … | Jul 10, 2026 |
| CVE-2026-1946 | MEDIUM | 4.3 | The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function … | Jul 10, 2026 |
| CVE-2026-15104 | MEDIUM | 6.5 | The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter … | Jul 10, 2026 |
| CVE-2026-15026 | MEDIUM | 4.3 | The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via … | Jul 10, 2026 |
| CVE-2026-14475 | MEDIUM | 4.9 | The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in … | Jul 10, 2026 |
| CVE-2026-12955 | MEDIUM | 4.3 | The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on … | Jul 10, 2026 |
| CVE-2026-12924 | MEDIUM | 6.4 | The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter … | Jul 10, 2026 |
| CVE-2026-12400 | MEDIUM | 4.3 | The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via … | Jul 10, 2026 |
| CVE-2026-12108 | MEDIUM | 4.4 | The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due … | Jul 10, 2026 |
| CVE-2026-11992 | MEDIUM | 4.3 | The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin … | Jul 10, 2026 |
| CVE-2025-11977 | MEDIUM | 6.6 | The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File … | Jul 10, 2026 |
| CVE-2026-40454 | HIGH | 7.5 | Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server … | Jul 10, 2026 |
| CVE-2026-40452 | HIGH | 7.5 | Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: … | Jul 10, 2026 |
| CVE-2026-40009 | MEDIUM | 6.5 | Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue … | Jul 10, 2026 |
| CVE-2026-40008 | CRITICAL | 9.8 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name … | Jul 10, 2026 |
| CVE-2026-40007 | HIGH | 7.5 | Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the … | Jul 10, 2026 |
| CVE-2026-40006 | HIGH | 7.5 | Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the … | Jul 10, 2026 |
| CVE-2026-40005 | CRITICAL | 9.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process … | Jul 10, 2026 |
| CVE-2026-28564 | CRITICAL | 9.8 | Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 … | Jul 10, 2026 |