Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20528
Total
1468
Critical
6215
High
6518
Medium
CVE ID Severity Score Description Published
CVE-2026-9711 CRITICAL 9.8 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up … Jun 30, 2026
CVE-2026-8141 HIGH 7.2 The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and … Jun 30, 2026
CVE-2026-6954 UNKNOWN Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into … Jun 30, 2026
CVE-2026-6953 UNKNOWN HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim … Jun 30, 2026
CVE-2026-13149 UNKNOWN brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An … Jun 30, 2026
CVE-2026-12610 MEDIUM 6.4 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory … Jun 30, 2026
CVE-2026-12076 UNKNOWN Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements … Jun 30, 2026
CVE-2026-10763 UNKNOWN PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. Jun 30, 2026
CVE-2025-7406 HIGH 7.8 Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root … Jun 30, 2026
CVE-2025-24816 MEDIUM 6.5 Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to … Jun 30, 2026
CVE-2025-24815 HIGH 7.8 Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to … Jun 30, 2026
CVE-2026-45822 UNKNOWN decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing … Jun 30, 2026
CVE-2026-12578 UNKNOWN The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. Jun 30, 2026
CVE-2026-9576 MEDIUM 4.9 The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users … Jun 30, 2026
CVE-2026-56809 MEDIUM 6.1 Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed … Jun 30, 2026
CVE-2026-56808 HIGH 7.2 DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a … Jun 30, 2026
CVE-2026-56137 HIGH 7.8 RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, … Jun 30, 2026
CVE-2026-14164 HIGH 7.5 A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale … Jun 30, 2026
CVE-2026-12819 UNKNOWN Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. Jun 30, 2026
CVE-2026-12818 UNKNOWN Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. Jun 30, 2026
CVE-2026-12240 HIGH 8.0 The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all … Jun 30, 2026
CVE-2026-11590 HIGH 8.6 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing … Jun 30, 2026
CVE-2026-11589 HIGH 8.8 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious … Jun 30, 2026
CVE-2026-11581 MEDIUM 5.9 The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a … Jun 30, 2026
CVE-2026-8944 MEDIUM 4.3 The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This … Jun 30, 2026