Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22971
Total
1632
Critical
7220
High
7324
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41972 | MEDIUM | 5.4 | Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability. | Jun 09, 2026 |
| CVE-2025-62858 | UNKNOWN | — | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … | Jun 09, 2026 |
| CVE-2026-8981 | LOW | 3.5 | The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code … | Jun 09, 2026 |
| CVE-2026-5067 | CRITICAL | 9.8 | A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser … | Jun 09, 2026 |
| CVE-2026-4986 | MEDIUM | 5.3 | The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook … | Jun 09, 2026 |
| CVE-2026-41539 | UNKNOWN | — | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass … | Jun 09, 2026 |
| CVE-2026-11572 | HIGH | 8.8 | Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for … | Jun 09, 2026 |
| CVE-2026-9662 | HIGH | 8.1 | The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due … | Jun 09, 2026 |
| CVE-2026-9185 | HIGH | 7.5 | The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` … | Jun 09, 2026 |
| CVE-2026-8977 | MEDIUM | 6.4 | The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-8940 | MEDIUM | 4.3 | The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due … | Jun 09, 2026 |
| CVE-2026-8910 | MEDIUM | 6.1 | The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to … | Jun 09, 2026 |
| CVE-2026-8909 | MEDIUM | 4.3 | The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or … | Jun 09, 2026 |
| CVE-2026-8907 | MEDIUM | 6.1 | The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation … | Jun 09, 2026 |
| CVE-2026-8904 | MEDIUM | 4.3 | The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all … | Jun 09, 2026 |
| CVE-2026-8902 | MEDIUM | 4.3 | The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to … | Jun 09, 2026 |
| CVE-2026-8895 | MEDIUM | 6.4 | The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-8883 | MEDIUM | 6.4 | The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, … | Jun 09, 2026 |
| CVE-2026-8882 | MEDIUM | 6.4 | The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 … | Jun 09, 2026 |
| CVE-2026-8880 | MEDIUM | 6.4 | The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions … | Jun 09, 2026 |
| CVE-2026-8841 | MEDIUM | 6.4 | The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and … | Jun 09, 2026 |
| CVE-2026-8499 | MEDIUM | 5.3 | The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is … | Jun 09, 2026 |
| CVE-2026-7662 | MEDIUM | 6.4 | The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, … | Jun 09, 2026 |
| CVE-2026-41980 | MEDIUM | 5.5 | Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jun 09, 2026 |
| CVE-2026-41979 | MEDIUM | 5.5 | Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality. | Jun 09, 2026 |