Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21003
Total
1519
Critical
6392
High
6662
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12417 | CRITICAL | 9.8 | The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, … | Jun 24, 2026 |
| CVE-2026-12416 | CRITICAL | 9.8 | The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due … | Jun 24, 2026 |
| CVE-2026-12100 | HIGH | 7.2 | The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This … | Jun 24, 2026 |
| CVE-2026-12095 | HIGH | 7.2 | The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This … | Jun 24, 2026 |
| CVE-2026-12094 | MEDIUM | 5.3 | The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on … | Jun 24, 2026 |
| CVE-2026-11997 | MEDIUM | 4.3 | The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing … | Jun 24, 2026 |
| CVE-2026-11370 | MEDIUM | 6.4 | The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. … | Jun 24, 2026 |
| CVE-2026-10753 | LOW | 2.7 | The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have … | Jun 24, 2026 |
| CVE-2026-10749 | HIGH | 7.2 | The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's … | Jun 24, 2026 |
| CVE-2026-10735 | HIGH | 7.5 | Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress … | Jun 24, 2026 |
| CVE-2026-10552 | MEDIUM | 4.3 | The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or … | Jun 24, 2026 |
| CVE-2026-10531 | MEDIUM | 5.4 | The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, … | Jun 24, 2026 |
| CVE-2026-10092 | HIGH | 7.2 | The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up … | Jun 24, 2026 |
| CVE-2026-10091 | HIGH | 7.2 | The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, … | Jun 24, 2026 |
| CVE-2026-9539 | MEDIUM | 6.5 | An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., … | Jun 24, 2026 |
| CVE-2026-12851 | CRITICAL | 9.1 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … | Jun 24, 2026 |
| CVE-2026-12850 | CRITICAL | 9.1 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … | Jun 24, 2026 |
| CVE-2026-12849 | CRITICAL | 9.1 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … | Jun 24, 2026 |
| CVE-2026-12848 | CRITICAL | 10.0 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … | Jun 24, 2026 |
| CVE-2026-12847 | CRITICAL | 10.0 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … | Jun 24, 2026 |
| CVE-2026-12846 | CRITICAL | 10.0 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … | Jun 24, 2026 |
| CVE-2026-12488 | MEDIUM | 6.2 | A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of … | Jun 24, 2026 |
| CVE-2026-12486 | CRITICAL | 9.1 | Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … | Jun 24, 2026 |
| CVE-2026-12485 | CRITICAL | 10.0 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … | Jun 24, 2026 |
| CVE-2026-3652 | HIGH | 7.2 | The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, … | Jun 24, 2026 |