Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2554 | HIGH | 8.1 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | May 02, 2026 |
| CVE-2026-0703 | MEDIUM | 6.4 | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all … | May 02, 2026 |
| CVE-2026-7628 | MEDIUM | 6.3 | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command … | May 02, 2026 |
| CVE-2026-6817 | MEDIUM | 5.8 | The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-6525 | MEDIUM | 5.5 | IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 | May 02, 2026 |
| CVE-2026-6320 | HIGH | 7.5 | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is … | May 02, 2026 |
| CVE-2026-4790 | MEDIUM | 5.4 | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in … | May 02, 2026 |
| CVE-2026-4100 | HIGH | 7.1 | The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-4062 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-4061 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This … | May 02, 2026 |
| CVE-2026-4060 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This … | May 02, 2026 |
| CVE-2026-7627 | MEDIUM | 6.3 | A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such … | May 02, 2026 |
| CVE-2026-7612 | MEDIUM | 4.7 | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument … | May 02, 2026 |
| CVE-2026-7611 | LOW | 3.7 | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. … | May 02, 2026 |
| CVE-2026-7610 | LOW | 3.7 | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation … | May 02, 2026 |
| CVE-2026-7609 | MEDIUM | 6.3 | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component … | May 02, 2026 |
| CVE-2026-7491 | HIGH | 8.1 | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify … | May 02, 2026 |
| CVE-2026-7490 | HIGH | 7.2 | CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling … | May 02, 2026 |
| CVE-2026-7489 | HIGH | 8.8 | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | May 02, 2026 |
| CVE-2026-5077 | MEDIUM | 5.4 | The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output … | May 02, 2026 |
| CVE-2026-7608 | MEDIUM | 5.5 | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The … | May 02, 2026 |
| CVE-2026-5324 | HIGH | 7.2 | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is … | May 02, 2026 |
| CVE-2026-4024 | MEDIUM | 5.3 | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX … | May 02, 2026 |
| CVE-2026-7649 | HIGH | 7.5 | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via … | May 02, 2026 |
| CVE-2026-7607 | HIGH | 8.8 | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument … | May 02, 2026 |