Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7606 | LOW | 3.7 | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | May 02, 2026 |
| CVE-2026-6457 | MEDIUM | 6.5 | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 … | May 02, 2026 |
| CVE-2026-6449 | MEDIUM | 5.3 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. … | May 02, 2026 |
| CVE-2026-6229 | HIGH | 7.2 | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient … | May 02, 2026 |
| CVE-2026-4650 | MEDIUM | 5.3 | The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing … | May 02, 2026 |
| CVE-2026-2052 | HIGH | 8.8 | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions … | May 02, 2026 |
| CVE-2026-7605 | MEDIUM | 6.3 | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpEndpoint. … | May 02, 2026 |
| CVE-2026-43058 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs … | May 02, 2026 |
| CVE-2026-7647 | HIGH | 8.1 | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to … | May 02, 2026 |
| CVE-2026-7049 | HIGH | 7.2 | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-6916 | MEDIUM | 6.4 | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | May 02, 2026 |
| CVE-2026-6812 | MEDIUM | 4.4 | The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it … | May 02, 2026 |
| CVE-2026-6447 | MEDIUM | 4.4 | The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-5113 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This … | May 02, 2026 |
| CVE-2026-5112 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient … | May 02, 2026 |
| CVE-2026-5111 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input … | May 02, 2026 |
| CVE-2026-5110 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient … | May 02, 2026 |
| CVE-2026-5109 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation … | May 02, 2026 |
| CVE-2026-7641 | HIGH | 8.8 | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the … | May 02, 2026 |
| CVE-2026-7604 | MEDIUM | 6.3 | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation … | May 02, 2026 |
| CVE-2026-7603 | MEDIUM | 6.3 | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile … | May 02, 2026 |
| CVE-2026-7458 | CRITICAL | 9.8 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to … | May 02, 2026 |
| CVE-2026-6963 | HIGH | 8.8 | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all … | May 02, 2026 |
| CVE-2026-6446 | MEDIUM | 5.4 | The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 … | May 02, 2026 |
| CVE-2026-4882 | CRITICAL | 9.8 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in … | May 02, 2026 |