Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21003
Total
1519
Critical
6392
High
6662
Medium
CVE ID Severity Score Description Published
CVE-2026-12417 CRITICAL 9.8 The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, … Jun 24, 2026
CVE-2026-12416 CRITICAL 9.8 The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due … Jun 24, 2026
CVE-2026-12100 HIGH 7.2 The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This … Jun 24, 2026
CVE-2026-12095 HIGH 7.2 The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This … Jun 24, 2026
CVE-2026-12094 MEDIUM 5.3 The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on … Jun 24, 2026
CVE-2026-11997 MEDIUM 4.3 The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing … Jun 24, 2026
CVE-2026-11370 MEDIUM 6.4 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. … Jun 24, 2026
CVE-2026-10753 LOW 2.7 The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have … Jun 24, 2026
CVE-2026-10749 HIGH 7.2 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's … Jun 24, 2026
CVE-2026-10735 HIGH 7.5 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress … Jun 24, 2026
CVE-2026-10552 MEDIUM 4.3 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or … Jun 24, 2026
CVE-2026-10531 MEDIUM 5.4 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, … Jun 24, 2026
CVE-2026-10092 HIGH 7.2 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up … Jun 24, 2026
CVE-2026-10091 HIGH 7.2 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, … Jun 24, 2026
CVE-2026-9539 MEDIUM 6.5 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., … Jun 24, 2026
CVE-2026-12851 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12850 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12849 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12848 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12847 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12846 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12488 MEDIUM 6.2 A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of … Jun 24, 2026
CVE-2026-12486 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12485 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-3652 HIGH 7.2 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, … Jun 24, 2026