Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-15292 MEDIUM 6.4 The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, … Jul 10, 2026
CVE-2026-15291 HIGH 7.5 The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and … Jul 10, 2026
CVE-2026-15290 HIGH 7.5 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via … Jul 10, 2026
CVE-2026-15289 MEDIUM 5.9 The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and … Jul 10, 2026
CVE-2026-15288 HIGH 7.5 The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and … Jul 10, 2026
CVE-2026-15287 MEDIUM 6.5 The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, … Jul 10, 2026
CVE-2026-15286 MEDIUM 4.3 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up … Jul 10, 2026
CVE-2026-15285 MEDIUM 6.4 The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up … Jul 10, 2026
CVE-2026-15284 MEDIUM 6.4 The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, and including, 51.1.62 … Jul 10, 2026
CVE-2026-15283 MEDIUM 4.4 The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 … Jul 10, 2026
CVE-2026-15282 CRITICAL 9.8 The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions … Jul 10, 2026
CVE-2026-5069 MEDIUM 5.4 The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscription_id' parameter in versions up to, and including, 6.2.1. This is due … Jul 10, 2026
CVE-2026-54423 HIGH 8.2 In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step … Jul 10, 2026
CVE-2026-44918 MEDIUM 5.5 OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization. Jul 10, 2026
CVE-2026-15329 MEDIUM 4.3 A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. … Jul 10, 2026
CVE-2026-15326 LOW 3.8 A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such … Jul 10, 2026
CVE-2026-15321 LOW 2.4 A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. … Jul 10, 2026
CVE-2026-15070 HIGH 8.8 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This … Jul 10, 2026
CVE-2026-14894 CRITICAL 9.8 The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, … Jul 10, 2026
CVE-2026-13430 HIGH 7.2 The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the … Jul 10, 2026
CVE-2026-11818 MEDIUM 5.4 The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, … Jul 10, 2026
CVE-2026-11392 MEDIUM 6.1 The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and … Jul 10, 2026
CVE-2026-15320 MEDIUM 5.4 A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the … Jul 10, 2026
CVE-2026-15319 HIGH 7.3 A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. … Jul 10, 2026
CVE-2026-15318 MEDIUM 6.3 A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the … Jul 10, 2026