Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5416 | HIGH | 8.8 | Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in … | Jun 16, 2026 |
| CVE-2026-54198 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | Jun 16, 2026 |
| CVE-2026-54197 | MEDIUM | 6.5 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | Jun 16, 2026 |
| CVE-2026-54191 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | Jun 16, 2026 |
| CVE-2026-54190 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | Jun 16, 2026 |
| CVE-2026-52715 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | Jun 16, 2026 |
| CVE-2026-52714 | MEDIUM | 5.9 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | Jun 16, 2026 |
| CVE-2026-52712 | HIGH | 7.6 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | Jun 16, 2026 |
| CVE-2026-52711 | HIGH | 7.5 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | Jun 16, 2026 |
| CVE-2026-49774 | CRITICAL | 9.9 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a … | Jun 16, 2026 |
| CVE-2026-49772 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. … | Jun 16, 2026 |
| CVE-2026-40809 | MEDIUM | 6.5 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. | Jun 16, 2026 |
| CVE-2026-39581 | HIGH | 8.5 | Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. | Jun 16, 2026 |
| CVE-2026-39574 | CRITICAL | 9.3 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | Jun 16, 2026 |
| CVE-2026-39490 | HIGH | 7.5 | Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. | Jun 16, 2026 |
| CVE-2026-39437 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | Jun 16, 2026 |
| CVE-2026-2381 | MEDIUM | 6.5 | The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function … | Jun 16, 2026 |
| CVE-2026-10825 | UNKNOWN | — | A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially … | Jun 16, 2026 |
| CVE-2025-68045 | HIGH | 7.5 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | Jun 16, 2026 |
| CVE-2026-8444 | HIGH | 8.8 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up … | Jun 16, 2026 |
| CVE-2026-46331 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range … | Jun 16, 2026 |
| CVE-2026-10093 | MEDIUM | 6.4 | The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all … | Jun 16, 2026 |
| CVE-2025-9912 | MEDIUM | 6.3 | Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands … | Jun 16, 2026 |
| CVE-2026-9187 | MEDIUM | 5.3 | The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due … | Jun 16, 2026 |
| CVE-2026-8443 | HIGH | 8.8 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in … | Jun 16, 2026 |