Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-12433 MEDIUM 4.3 The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, … Jul 09, 2026
CVE-2026-8996 MEDIUM 6.5 The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 … Jul 09, 2026
CVE-2026-8848 HIGH 7.2 The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all … Jul 09, 2026
CVE-2026-7558 MEDIUM 5.3 The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including … Jul 09, 2026
CVE-2026-6910 MEDIUM 6.4 The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `bookero_products` shortcode's `hide_products` (and `filter_products`) attributes in versions … Jul 09, 2026
CVE-2026-59269 LOW 3.8 A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were … Jul 09, 2026
CVE-2026-57111 HIGH 7.5 Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a … Jul 09, 2026
CVE-2026-4653 MEDIUM 6.4 The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including … Jul 09, 2026
CVE-2026-33390 HIGH 8.1 An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can … Jul 09, 2026
CVE-2026-31985 HIGH 8.1 When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was … Jul 09, 2026
CVE-2026-31984 HIGH 7.5 A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into … Jul 09, 2026
CVE-2026-31983 MEDIUM 5.3 A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint … Jul 09, 2026
CVE-2026-31982 HIGH 7.1 An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can … Jul 09, 2026
CVE-2026-31981 MEDIUM 5.9 A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An … Jul 09, 2026
CVE-2026-15000 HIGH 7.2 The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up … Jul 09, 2026
CVE-2026-14343 MEDIUM 6.4 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes in all versions up to, and including, … Jul 09, 2026
CVE-2026-14342 MEDIUM 4.9 The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter … Jul 09, 2026
CVE-2026-14245 CRITICAL 9.8 The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up … Jul 09, 2026
CVE-2026-13771 MEDIUM 6.4 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, … Jul 09, 2026
CVE-2026-13450 MEDIUM 5.3 The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in … Jul 09, 2026
CVE-2026-13334 MEDIUM 6.1 The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 … Jul 09, 2026
CVE-2026-13253 MEDIUM 6.4 The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to … Jul 09, 2026
CVE-2026-13080 MEDIUM 6.6 The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions … Jul 09, 2026
CVE-2026-13011 MEDIUM 6.5 The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the … Jul 09, 2026
CVE-2026-12418 MEDIUM 5.3 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in … Jul 09, 2026