Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21148
Total
1520
Critical
6441
High
6722
Medium
CVE ID Severity Score Description Published
CVE-2026-11997 MEDIUM 4.3 The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing … Jun 24, 2026
CVE-2026-11370 MEDIUM 6.4 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. … Jun 24, 2026
CVE-2026-10753 LOW 2.7 The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have … Jun 24, 2026
CVE-2026-10749 HIGH 7.2 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's … Jun 24, 2026
CVE-2026-10735 HIGH 7.5 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress … Jun 24, 2026
CVE-2026-10552 MEDIUM 4.3 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or … Jun 24, 2026
CVE-2026-10531 MEDIUM 5.4 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, … Jun 24, 2026
CVE-2026-10092 HIGH 7.2 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up … Jun 24, 2026
CVE-2026-10091 HIGH 7.2 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, … Jun 24, 2026
CVE-2026-9539 MEDIUM 6.5 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., … Jun 24, 2026
CVE-2026-12851 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12850 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12849 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12848 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12847 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12846 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-12488 MEDIUM 6.2 A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of … Jun 24, 2026
CVE-2026-12486 CRITICAL 9.1 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command … Jun 24, 2026
CVE-2026-12485 CRITICAL 10.0 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is … Jun 24, 2026
CVE-2026-3652 HIGH 7.2 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, … Jun 24, 2026
CVE-2026-11614 MEDIUM 6.4 The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' parameter in all versions up … Jun 24, 2026
CVE-2026-12681 UNKNOWN Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading … Jun 24, 2026
CVE-2026-54639 HIGH 8.8 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users … Jun 24, 2026
CVE-2026-7574 HIGH 8.7 Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker … Jun 24, 2026
CVE-2026-6458 UNKNOWN Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty … Jun 24, 2026