Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11989
Total
791
Critical
3366
High
3787
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39483 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue … | Apr 08, 2026 |
| CVE-2026-39482 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a … | Apr 08, 2026 |
| CVE-2026-39479 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: … | Apr 08, 2026 |
| CVE-2026-39477 | UNKNOWN | — | Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3. | Apr 08, 2026 |
| CVE-2026-39476 | UNKNOWN | — | Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= … | Apr 08, 2026 |
| CVE-2026-39475 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects … | Apr 08, 2026 |
| CVE-2026-39473 | UNKNOWN | — | Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a … | Apr 08, 2026 |
| CVE-2026-39469 | UNKNOWN | — | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a … | Apr 08, 2026 |
| CVE-2026-39466 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker … | Apr 08, 2026 |
| CVE-2026-39464 | UNKNOWN | — | Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects … | Apr 08, 2026 |
| CVE-2026-33088 | HIGH | 7.3 | Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement. | Apr 08, 2026 |
| CVE-2026-25776 | CRITICAL | 9.8 | Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script. | Apr 08, 2026 |
| CVE-2026-1396 | MEDIUM | 6.4 | The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and … | Apr 08, 2026 |
| CVE-2026-4655 | MEDIUM | 6.4 | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and … | Apr 08, 2026 |
| CVE-2026-4654 | MEDIUM | 5.3 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, … | Apr 08, 2026 |
| CVE-2026-4483 | UNKNOWN | — | An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, … | Apr 08, 2026 |
| CVE-2026-4330 | MEDIUM | 4.3 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and … | Apr 08, 2026 |
| CVE-2026-5508 | MEDIUM | 6.4 | The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This … | Apr 08, 2026 |
| CVE-2026-5506 | MEDIUM | 6.4 | The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This … | Apr 08, 2026 |
| CVE-2026-5169 | MEDIUM | 4.4 | The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to … | Apr 08, 2026 |
| CVE-2026-5167 | MEDIUM | 5.3 | The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions … | Apr 08, 2026 |
| CVE-2026-4871 | MEDIUM | 6.4 | The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the `scm_member_data` shortcode in all … | Apr 08, 2026 |
| CVE-2026-4808 | HIGH | 7.2 | The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function … | Apr 08, 2026 |
| CVE-2026-4338 | HIGH | 7.5 | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts | Apr 08, 2026 |
| CVE-2026-4141 | MEDIUM | 4.3 | The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing … | Apr 08, 2026 |