CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12576
7.5 HIGH

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

Jul 1, 2026
CVE-2026-12575
7.5 HIGH

DVP80ES3 with Improper Resource Shutdown or Release vulnerability.

Jul 1, 2026
CVE-2026-12435
4.3 MEDIUM

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. …

Jul 1, 2026
CVE-2026-12408
4.3 MEDIUM

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions …

Jul 1, 2026
CVE-2026-12224
8.8 HIGH

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is …

Jul 1, 2026
CVE-2026-12158
8.8 HIGH

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This …

Jul 1, 2026
CVE-2026-11387
9.8 CRITICAL

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account …

Jul 1, 2026
CVE-2026-10540
5.6 MEDIUM

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an …

Jul 1, 2026
CVE-2026-10539
9.0 CRITICAL

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized …

Jul 1, 2026
CVE-2026-10538
8.0 HIGH

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions …

Jul 1, 2026
CVE-2026-10096
4.3 MEDIUM

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' parameter …

Jul 1, 2026
CVE-2026-1239
7.5 HIGH

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a …

Jul 1, 2026
CVE-2026-14193
7.5 HIGH

DVP80ES300T with Improper Validation of Array Index Vulnerability

Jul 1, 2026
CVE-2026-12579
7.4 HIGH

AS228T with Authentication Bypass Vulnerability

Jul 1, 2026
CVE-2026-11887
4.3 MEDIUM

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such …

Jul 1, 2026
CVE-2026-11883
7.2 HIGH

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a …

Jul 1, 2026
CVE-2026-11880
3.1 LOW

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account …

Jul 1, 2026
CVE-2026-11823
7.5 HIGH

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assign_staffmember_to_slots() function in versions up to …

Jul 1, 2026
CVE-2026-11794
8.1 HIGH

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a …

Jul 1, 2026
CVE-2026-11570
4.2 MEDIUM

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a …

Jul 1, 2026
CVE-2026-11568
7.5 HIGH

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public …

Jul 1, 2026
CVE-2026-11562
4.3 MEDIUM

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level …

Jul 1, 2026
CVE-2026-10750
8.1 HIGH

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users …

Jul 1, 2026
CVE-2025-15666
5.3 MEDIUM

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the …

Jul 1, 2026
CVE-2026-9107
6.4 MEDIUM

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions …

Jul 1, 2026
CVE-2026-7840
9.8 CRITICAL

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied …

Jul 1, 2026
CVE-2026-7839
9.1 CRITICAL

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater …

Jul 1, 2026
CVE-2026-7838
8.8 HIGH

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte …

Jul 1, 2026
CVE-2026-7831
7.6 HIGH

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 …

Jul 1, 2026
CVE-2026-7830
7.4 HIGH

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit …

Jul 1, 2026
CVE-2026-7829
7.2 HIGH

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte …

Jul 1, 2026
CVE-2026-7828
5.3 MEDIUM

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) …

Jul 1, 2026
CVE-2026-7517
7.2 HIGH

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and …

Jul 1, 2026
CVE-2026-6070
9.1 CRITICAL

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path …

Jul 1, 2026
CVE-2026-58519
5.4 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects …

Jul 1, 2026
CVE-2026-58518

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: …

Jul 1, 2026
CVE-2026-44042
3.7 LOW

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether …

Jul 1, 2026
CVE-2026-44041
4.3 MEDIUM

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to …

Jul 1, 2026
CVE-2026-44040
4.8 MEDIUM

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with …

Jul 1, 2026
CVE-2026-2387
6.4 MEDIUM

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the …

Jul 1, 2026
CVE-2026-13731
7.2 HIGH

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter …

Jul 1, 2026
CVE-2026-13468
7.5 HIGH

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and …

Jul 1, 2026
CVE-2026-13443
6.4 MEDIUM

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions …

Jul 1, 2026
CVE-2026-13246
6.4 MEDIUM

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_id' (and other) shortcode attributes of …

Jul 1, 2026
CVE-2026-13015
6.1 MEDIUM

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, …

Jul 1, 2026
CVE-2026-12923
7.5 HIGH

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation …

Jul 1, 2026
CVE-2026-12904
4.3 MEDIUM

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and …

Jul 1, 2026
CVE-2026-12902
4.3 MEDIUM

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, …

Jul 1, 2026
CVE-2026-12135
6.4 MEDIUM

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to, …

Jul 1, 2026
CVE-2026-12133
4.3 MEDIUM

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.