Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-15104 MEDIUM 6.5 The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter … Jul 10, 2026
CVE-2026-15026 MEDIUM 4.3 The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via … Jul 10, 2026
CVE-2026-14475 MEDIUM 4.9 The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in … Jul 10, 2026
CVE-2026-12955 MEDIUM 4.3 The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on … Jul 10, 2026
CVE-2026-12924 MEDIUM 6.4 The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter … Jul 10, 2026
CVE-2026-12400 MEDIUM 4.3 The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via … Jul 10, 2026
CVE-2026-12108 MEDIUM 4.4 The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due … Jul 10, 2026
CVE-2026-11992 MEDIUM 4.3 The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin … Jul 10, 2026
CVE-2025-11977 MEDIUM 6.6 The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File … Jul 10, 2026
CVE-2026-40454 HIGH 7.5 Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server … Jul 10, 2026
CVE-2026-40452 HIGH 7.5 Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: … Jul 10, 2026
CVE-2026-40009 MEDIUM 6.5 Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue … Jul 10, 2026
CVE-2026-40008 CRITICAL 9.8 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name … Jul 10, 2026
CVE-2026-40007 HIGH 7.5 Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the … Jul 10, 2026
CVE-2026-40006 HIGH 7.5 Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the … Jul 10, 2026
CVE-2026-40005 CRITICAL 9.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process … Jul 10, 2026
CVE-2026-28564 CRITICAL 9.8 Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 … Jul 10, 2026
CVE-2026-13347 HIGH 7.5 The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and … Jul 10, 2026
CVE-2026-12685 HIGH 7.5 The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key … Jul 10, 2026
CVE-2026-12276 MEDIUM 5.3 The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account … Jul 10, 2026
CVE-2026-12123 MEDIUM 6.4 The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. … Jul 10, 2026
CVE-2026-21057 UNKNOWN Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21056 UNKNOWN Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. Jul 10, 2026
CVE-2026-21055 UNKNOWN Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. Jul 10, 2026
CVE-2026-21054 UNKNOWN Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. Jul 10, 2026