CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20346
Critical: 1466
High: 6163
Medium: 6464
CVE ID Severity Score Description Published
CVE-2026-14449 UNKNOWN u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components Jul 02, 2026
CVE-2026-11946 HIGH 7.5 An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. … Jul 02, 2026
CVE-2025-69156 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. Jul 02, 2026
CVE-2025-69155 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions. Jul 02, 2026
CVE-2025-69154 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions. Jul 02, 2026
CVE-2025-69153 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions. Jul 02, 2026
CVE-2025-69152 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions. Jul 02, 2026
CVE-2025-69134 HIGH 7.5 Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions. Jul 02, 2026
CVE-2025-69133 HIGH 7.5 Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. Jul 02, 2026
CVE-2025-69132 MEDIUM 6.5 Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions. Jul 02, 2026
CVE-2025-69094 HIGH 8.5 Subscriber SQL Injection in Unicamp <= 2.2.2 versions. Jul 02, 2026
CVE-2025-66076 MEDIUM 5.3 Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions. Jul 02, 2026
CVE-2025-58902 HIGH 8.1 Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions. Jul 02, 2026
CVE-2026-54431 UNKNOWN In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step … Jul 02, 2026
CVE-2026-54430 UNKNOWN liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If … Jul 02, 2026
CVE-2026-9834 HIGH 7.2 The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all … Jul 02, 2026
CVE-2026-9188 MEDIUM 5.3 The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to … Jul 02, 2026
CVE-2026-9145 MEDIUM 6.5 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() function in versions up … Jul 02, 2026
CVE-2026-8482 MEDIUM 4.3 A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), 5.0.0 to 5.0.5 (included). There is a possible … Jul 02, 2026
CVE-2026-8441 HIGH 7.5 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up … Jul 02, 2026
CVE-2026-14336 HIGH 8.2 PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith('https://ci.eclipse.org') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a … Jul 02, 2026
CVE-2026-14029 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up … Jul 02, 2026
CVE-2026-13459 MEDIUM 5.3 The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is … Jul 02, 2026
CVE-2026-13369 HIGH 7.5 The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and including, … Jul 02, 2026
CVE-2026-13252 MEDIUM 6.4 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting … Jul 02, 2026