Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10557
Total
721
Critical
3059
High
3365
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-40949 | CRITICAL | 9.1 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40948 | MEDIUM | 6.8 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40947 | HIGH | 7.5 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions … | May 12, 2026 |
| CVE-2025-40946 | HIGH | 8.3 | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), … | May 12, 2026 |
| CVE-2025-40833 | HIGH | 7.5 | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service … | May 12, 2026 |
| CVE-2024-54017 | MEDIUM | 5.3 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All … | May 12, 2026 |
| CVE-2026-7661 | MEDIUM | 6.4 | The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This … | May 12, 2026 |
| CVE-2026-7659 | MEDIUM | 6.4 | The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-7626 | MEDIUM | 5.3 | The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the … | May 12, 2026 |
| CVE-2026-7616 | MEDIUM | 4.3 | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing … | May 12, 2026 |
| CVE-2026-7562 | MEDIUM | 4.3 | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence … | May 12, 2026 |
| CVE-2026-7561 | MEDIUM | 6.1 | The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due … | May 12, 2026 |
| CVE-2026-7464 | MEDIUM | 6.1 | The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-7437 | MEDIUM | 6.1 | The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is … | May 12, 2026 |
| CVE-2026-7050 | MEDIUM | 4.3 | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin … | May 12, 2026 |
| CVE-2026-6932 | MEDIUM | 4.3 | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due … | May 12, 2026 |
| CVE-2026-6913 | MEDIUM | 6.4 | The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to … | May 12, 2026 |
| CVE-2026-6808 | MEDIUM | 6.1 | The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-6710 | MEDIUM | 4.3 | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due … | May 12, 2026 |
| CVE-2026-6709 | MEDIUM | 4.3 | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due … | May 12, 2026 |
| CVE-2026-6708 | MEDIUM | 5.3 | The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is … | May 12, 2026 |
| CVE-2026-6690 | HIGH | 7.2 | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, … | May 12, 2026 |
| CVE-2026-6663 | MEDIUM | 4.8 | The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is … | May 12, 2026 |
| CVE-2026-6402 | MEDIUM | 5.3 | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. … | May 12, 2026 |
| CVE-2026-6256 | MEDIUM | 6.4 | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, … | May 12, 2026 |