Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-13010 MEDIUM 6.5 The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute … Jul 10, 2026
CVE-2026-12918 MEDIUM 4.9 The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter … Jul 10, 2026
CVE-2026-11990 MEDIUM 5.3 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. … Jul 10, 2026
CVE-2026-9838 MEDIUM 6.1 The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due … Jul 10, 2026
CVE-2026-6802 MEDIUM 5.3 The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due … Jul 10, 2026
CVE-2026-6440 MEDIUM 4.3 The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to … Jul 10, 2026
CVE-2026-3907 MEDIUM 6.4 The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is … Jul 10, 2026
CVE-2026-1946 MEDIUM 4.3 The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function … Jul 10, 2026
CVE-2026-15104 MEDIUM 6.5 The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter … Jul 10, 2026
CVE-2026-15026 MEDIUM 4.3 The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via … Jul 10, 2026
CVE-2026-14475 MEDIUM 4.9 The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in … Jul 10, 2026
CVE-2026-12955 MEDIUM 4.3 The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on … Jul 10, 2026
CVE-2026-12924 MEDIUM 6.4 The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter … Jul 10, 2026
CVE-2026-12400 MEDIUM 4.3 The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via … Jul 10, 2026
CVE-2026-12108 MEDIUM 4.4 The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due … Jul 10, 2026
CVE-2026-11992 MEDIUM 4.3 The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin … Jul 10, 2026
CVE-2025-11977 MEDIUM 6.6 The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File … Jul 10, 2026
CVE-2026-40454 HIGH 7.5 Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server … Jul 10, 2026
CVE-2026-40452 HIGH 7.5 Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: … Jul 10, 2026
CVE-2026-40009 MEDIUM 6.5 Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue … Jul 10, 2026
CVE-2026-40008 CRITICAL 9.8 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name … Jul 10, 2026
CVE-2026-40007 HIGH 7.5 Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the … Jul 10, 2026
CVE-2026-40006 HIGH 7.5 Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the … Jul 10, 2026
CVE-2026-40005 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process … Jul 10, 2026
CVE-2026-28564 CRITICAL 9.8 Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 … Jul 10, 2026