Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21880
Total
1559
Critical
6647
High
6994
Medium
CVE ID Severity Score Description Published
CVE-2022-50972 CRITICAL 9.8 WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers … Jun 20, 2026
CVE-2020-37255 HIGH 7.5 WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with … Jun 20, 2026
CVE-2019-25763 CRITICAL 9.8 WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login … Jun 20, 2026
CVE-2026-48939 UNKNOWN A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload … Jun 20, 2026
CVE-2026-48909 UNKNOWN SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server. Jun 20, 2026
CVE-2026-48908 UNKNOWN A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and … Jun 20, 2026
CVE-2026-12119 MEDIUM 6.5 The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in … Jun 20, 2026
CVE-2026-11912 HIGH 7.5 The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, … Jun 20, 2026
CVE-2026-11911 HIGH 7.5 The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all … Jun 20, 2026
CVE-2026-9843 HIGH 8.1 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in … Jun 20, 2026
CVE-2026-9265 UNKNOWN Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap … Jun 20, 2026
CVE-2026-56216 HIGH 8.8 Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty … Jun 20, 2026
CVE-2026-56215 HIGH 8.3 Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers … Jun 20, 2026
CVE-2026-56214 HIGH 7.5 Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows unauthenticated attackers to enumerate organizations and disclose … Jun 20, 2026
CVE-2026-56213 MEDIUM 5.3 Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows … Jun 20, 2026
CVE-2026-56212 LOW 3.8 Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for … Jun 20, 2026
CVE-2026-11551 CRITICAL 9.8 The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to … Jun 20, 2026
CVE-2026-56082 HIGH 7.5 Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role … Jun 19, 2026
CVE-2026-56081 CRITICAL 9.1 Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that … Jun 19, 2026
CVE-2026-56080 MEDIUM 4.9 Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to … Jun 19, 2026
CVE-2026-56079 MEDIUM 6.5 Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and … Jun 19, 2026
CVE-2026-56073 CRITICAL 9.4 Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept … Jun 19, 2026
CVE-2026-50559 HIGH 7.5 Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies … Jun 19, 2026
CVE-2026-50519 MEDIUM 6.5 Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. Jun 19, 2026
CVE-2026-49346 HIGH 7.1 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit … Jun 19, 2026