Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23272
Total
1655
Critical
7315
High
7384
Medium
CVE ID Severity Score Description Published
CVE-2026-15290 HIGH 7.5 The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via … Jul 10, 2026
CVE-2026-15289 MEDIUM 5.9 The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and … Jul 10, 2026
CVE-2026-15288 HIGH 7.5 The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and … Jul 10, 2026
CVE-2026-15287 MEDIUM 6.5 The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, … Jul 10, 2026
CVE-2026-15286 MEDIUM 4.3 The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up … Jul 10, 2026
CVE-2026-15285 MEDIUM 6.4 The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up … Jul 10, 2026
CVE-2026-15284 MEDIUM 6.4 The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, and including, 51.1.62 … Jul 10, 2026
CVE-2026-15283 MEDIUM 4.4 The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 … Jul 10, 2026
CVE-2026-15282 CRITICAL 9.8 The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions … Jul 10, 2026
CVE-2026-5069 MEDIUM 5.4 The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscription_id' parameter in versions up to, and including, 6.2.1. This is due … Jul 10, 2026
CVE-2026-54423 HIGH 8.2 In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step … Jul 10, 2026
CVE-2026-44918 MEDIUM 5.5 OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization. Jul 10, 2026
CVE-2026-15329 MEDIUM 4.3 A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. … Jul 10, 2026
CVE-2026-15326 LOW 3.8 A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such … Jul 10, 2026
CVE-2026-15321 LOW 2.4 A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. … Jul 10, 2026
CVE-2026-15070 HIGH 8.8 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This … Jul 10, 2026
CVE-2026-14894 CRITICAL 9.8 The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, … Jul 10, 2026
CVE-2026-13430 HIGH 7.2 The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the … Jul 10, 2026
CVE-2026-11818 MEDIUM 5.4 The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, … Jul 10, 2026
CVE-2026-11392 MEDIUM 6.1 The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and … Jul 10, 2026
CVE-2026-15320 MEDIUM 5.4 A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the … Jul 10, 2026
CVE-2026-15319 HIGH 7.3 A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. … Jul 10, 2026
CVE-2026-15318 MEDIUM 6.3 A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the … Jul 10, 2026
CVE-2026-55616 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidate is a duplicate of CVE-2026-49757. Notes: All CVE users … Jul 10, 2026
CVE-2026-55615 UNKNOWN Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, … Jul 10, 2026