Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238, Critical: 701, High: 2952, Medium: 3222
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-15025 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of … | May 14, 2026 |
| CVE-2026-6008 | MEDIUM | 6.8 | Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue … | May 14, 2026 |
| CVE-2026-5798 | UNKNOWN | — | Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker … | May 14, 2026 |
| CVE-2026-5790 | UNKNOWN | — | Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper … | May 14, 2026 |
| CVE-2026-4031 | HIGH | 7.5 | The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to … | May 14, 2026 |
| CVE-2026-4030 | HIGH | 8.1 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. … | May 14, 2026 |
| CVE-2026-4029 | HIGH | 7.5 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due … | May 14, 2026 |
| CVE-2026-43644 | MEDIUM | 5.4 | podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the … | May 14, 2026 |
| CVE-2025-12008 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This … | May 14, 2026 |
| CVE-2026-45205 | MEDIUM | 5.3 | Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue … | May 14, 2026 |
| CVE-2026-8468 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in … | May 14, 2026 |
| CVE-2026-8295 | UNKNOWN | — | An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with … | May 14, 2026 |
| CVE-2025-68421 | UNKNOWN | — | Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote … | May 14, 2026 |
| CVE-2025-68420 | UNKNOWN | — | Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It … | May 14, 2026 |
| CVE-2026-2347 | CRITICAL | 9.8 | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001. | May 14, 2026 |
| CVE-2025-11024 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL … | May 14, 2026 |
| CVE-2026-6514 | HIGH | 7.5 | The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes … | May 14, 2026 |
| CVE-2026-6512 | CRITICAL | 9.1 | The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin … | May 14, 2026 |
| CVE-2026-6504 | MEDIUM | 6.4 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and … | May 14, 2026 |
| CVE-2026-6206 | MEDIUM | 5.3 | The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due … | May 14, 2026 |
| CVE-2026-6174 | MEDIUM | 6.4 | The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 … | May 14, 2026 |
| CVE-2026-6145 | MEDIUM | 5.3 | The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to … | May 14, 2026 |
| CVE-2026-6670 | MEDIUM | 6.5 | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. … | May 14, 2026 |
| CVE-2026-6510 | CRITICAL | 9.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due … | May 14, 2026 |
| CVE-2026-6506 | HIGH | 8.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() … | May 14, 2026 |