Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15292 | MEDIUM | 6.4 | The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, … | Jul 10, 2026 |
| CVE-2026-15291 | HIGH | 7.5 | The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15290 | HIGH | 7.5 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via … | Jul 10, 2026 |
| CVE-2026-15289 | MEDIUM | 5.9 | The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15288 | HIGH | 7.5 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15287 | MEDIUM | 6.5 | The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, … | Jul 10, 2026 |
| CVE-2026-15286 | MEDIUM | 4.3 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up … | Jul 10, 2026 |
| CVE-2026-15285 | MEDIUM | 6.4 | The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up … | Jul 10, 2026 |
| CVE-2026-15284 | MEDIUM | 6.4 | The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, and including, 51.1.62 … | Jul 10, 2026 |
| CVE-2026-15283 | MEDIUM | 4.4 | The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 … | Jul 10, 2026 |
| CVE-2026-15282 | CRITICAL | 9.8 | The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions … | Jul 10, 2026 |
| CVE-2026-5069 | MEDIUM | 5.4 | The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscription_id' parameter in versions up to, and including, 6.2.1. This is due … | Jul 10, 2026 |
| CVE-2026-54423 | HIGH | 8.2 | In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step … | Jul 10, 2026 |
| CVE-2026-44918 | MEDIUM | 5.5 | OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization. | Jul 10, 2026 |
| CVE-2026-15329 | MEDIUM | 4.3 | A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. … | Jul 10, 2026 |
| CVE-2026-15326 | LOW | 3.8 | A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such … | Jul 10, 2026 |
| CVE-2026-15321 | LOW | 2.4 | A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. … | Jul 10, 2026 |
| CVE-2026-15070 | HIGH | 8.8 | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This … | Jul 10, 2026 |
| CVE-2026-14894 | CRITICAL | 9.8 | The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, … | Jul 10, 2026 |
| CVE-2026-13430 | HIGH | 7.2 | The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the … | Jul 10, 2026 |
| CVE-2026-11818 | MEDIUM | 5.4 | The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jul 10, 2026 |
| CVE-2026-11392 | MEDIUM | 6.1 | The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and … | Jul 10, 2026 |
| CVE-2026-15320 | MEDIUM | 5.4 | A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the … | Jul 10, 2026 |
| CVE-2026-15319 | HIGH | 7.3 | A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. … | Jul 10, 2026 |
| CVE-2026-15318 | MEDIUM | 6.3 | A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the … | Jul 10, 2026 |