Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 20412, Critical: 1466, High: 6188, Medium: 6493

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10750 | HIGH | 8.1 | The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users … | Jul 01, 2026 |
| CVE-2025-15666 | MEDIUM | 5.3 | A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the … | Jul 01, 2026 |
| CVE-2026-9107 | MEDIUM | 6.4 | The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions … | Jul 01, 2026 |
| CVE-2026-7840 | CRITICAL | 9.8 | UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied … | Jul 01, 2026 |
| CVE-2026-7839 | CRITICAL | 9.1 | UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater … | Jul 01, 2026 |
| CVE-2026-7838 | HIGH | 8.8 | UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte … | Jul 01, 2026 |
| CVE-2026-7831 | HIGH | 7.6 | UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 … | Jul 01, 2026 |
| CVE-2026-7830 | HIGH | 7.4 | UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit … | Jul 01, 2026 |
| CVE-2026-7829 | HIGH | 7.2 | UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte … | Jul 01, 2026 |
| CVE-2026-7828 | MEDIUM | 5.3 | UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) … | Jul 01, 2026 |
| CVE-2026-7517 | HIGH | 7.2 | The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and … | Jul 01, 2026 |
| CVE-2026-6070 | CRITICAL | 9.1 | The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path … | Jul 01, 2026 |
| CVE-2026-58519 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects … | Jul 01, 2026 |
| CVE-2026-58518 | UNKNOWN | — | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: … | Jul 01, 2026 |
| CVE-2026-44042 | LOW | 3.7 | UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether … | Jul 01, 2026 |
| CVE-2026-44041 | MEDIUM | 4.3 | UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to … | Jul 01, 2026 |
| CVE-2026-44040 | MEDIUM | 4.8 | UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with … | Jul 01, 2026 |
| CVE-2026-2387 | MEDIUM | 6.4 | The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the … | Jul 01, 2026 |
| CVE-2026-13731 | HIGH | 7.2 | The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter … | Jul 01, 2026 |
| CVE-2026-13468 | HIGH | 7.5 | The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and … | Jul 01, 2026 |
| CVE-2026-13443 | MEDIUM | 6.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions … | Jul 01, 2026 |
| CVE-2026-13246 | MEDIUM | 6.4 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_id' (and other) shortcode attributes of … | Jul 01, 2026 |
| CVE-2026-13015 | MEDIUM | 6.1 | The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, … | Jul 01, 2026 |
| CVE-2026-12923 | HIGH | 7.5 | The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation … | Jul 01, 2026 |
| CVE-2026-12904 | MEDIUM | 4.3 | The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and … | Jul 01, 2026 |