Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-41972 MEDIUM 5.4 Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability. Jun 09, 2026
CVE-2025-62858 UNKNOWN A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then … Jun 09, 2026
CVE-2026-8981 LOW 3.5 The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code … Jun 09, 2026
CVE-2026-5067 CRITICAL 9.8 A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser … Jun 09, 2026
CVE-2026-4986 MEDIUM 5.3 The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook … Jun 09, 2026
CVE-2026-41539 UNKNOWN A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass … Jun 09, 2026
CVE-2026-11572 HIGH 8.8 Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for … Jun 09, 2026
CVE-2026-9662 HIGH 8.1 The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due … Jun 09, 2026
CVE-2026-9185 HIGH 7.5 The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` … Jun 09, 2026
CVE-2026-8977 MEDIUM 6.4 The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, … Jun 09, 2026
CVE-2026-8940 MEDIUM 4.3 The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due … Jun 09, 2026
CVE-2026-8910 MEDIUM 6.1 The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to … Jun 09, 2026
CVE-2026-8909 MEDIUM 4.3 The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or … Jun 09, 2026
CVE-2026-8907 MEDIUM 6.1 The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation … Jun 09, 2026
CVE-2026-8904 MEDIUM 4.3 The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all … Jun 09, 2026
CVE-2026-8902 MEDIUM 4.3 The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to … Jun 09, 2026
CVE-2026-8895 MEDIUM 6.4 The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, … Jun 09, 2026
CVE-2026-8883 MEDIUM 6.4 The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, … Jun 09, 2026
CVE-2026-8882 MEDIUM 6.4 The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 … Jun 09, 2026
CVE-2026-8880 MEDIUM 6.4 The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions … Jun 09, 2026
CVE-2026-8841 MEDIUM 6.4 The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and … Jun 09, 2026
CVE-2026-8499 MEDIUM 5.3 The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is … Jun 09, 2026
CVE-2026-7662 MEDIUM 6.4 The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, … Jun 09, 2026
CVE-2026-41980 MEDIUM 5.5 Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. Jun 09, 2026
CVE-2026-41979 MEDIUM 5.5 Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality. Jun 09, 2026