CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-40949
9.1 CRITICAL

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions …

May 12, 2026
CVE-2025-40948
6.8 MEDIUM

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions …

May 12, 2026
CVE-2025-40947
7.5 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions …

May 12, 2026
CVE-2025-40946
8.3 HIGH

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), …

May 12, 2026
CVE-2025-40833
7.5 HIGH

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service …

May 12, 2026
CVE-2024-54017
5.3 MEDIUM

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All …

May 12, 2026
CVE-2026-7661
6.4 MEDIUM

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This …

May 12, 2026
CVE-2026-7659
6.4 MEDIUM

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, …

May 12, 2026
CVE-2026-7626
5.3 MEDIUM

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the …

May 12, 2026
CVE-2026-7616
4.3 MEDIUM

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing …

May 12, 2026
CVE-2026-7562
4.3 MEDIUM

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence …

May 12, 2026
CVE-2026-7561
6.1 MEDIUM

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due …

May 12, 2026
CVE-2026-7464
6.1 MEDIUM

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, …

May 12, 2026
CVE-2026-7437
6.1 MEDIUM

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is …

May 12, 2026
CVE-2026-7050
4.3 MEDIUM

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin …

May 12, 2026
CVE-2026-6932
4.3 MEDIUM

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due …

May 12, 2026
CVE-2026-6913
6.4 MEDIUM

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to …

May 12, 2026
CVE-2026-6808
6.1 MEDIUM

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, …

May 12, 2026
CVE-2026-6710
4.3 MEDIUM

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due …

May 12, 2026
CVE-2026-6709
4.3 MEDIUM

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due …

May 12, 2026
CVE-2026-6708
5.3 MEDIUM

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is …

May 12, 2026
CVE-2026-6690
7.2 HIGH

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, …

May 12, 2026
CVE-2026-6663
4.8 MEDIUM

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is …

May 12, 2026
CVE-2026-6402
5.3 MEDIUM

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. …

May 12, 2026
CVE-2026-6256
6.4 MEDIUM

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, …

May 12, 2026
CVE-2026-6247
6.4 MEDIUM

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up …

May 12, 2026
CVE-2026-6237
6.4 MEDIUM

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, …

May 12, 2026
CVE-2026-5715
6.4 MEDIUM

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, …

May 12, 2026
CVE-2026-5693
5.3 MEDIUM

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation …

May 12, 2026
CVE-2026-5340
6.4 MEDIUM

The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, …

May 12, 2026
CVE-2026-5028
6.5 MEDIUM

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action …

May 12, 2026
CVE-2026-4920
6.4 MEDIUM

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 …

May 12, 2026
CVE-2026-4859
6.4 MEDIUM

The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up …

May 12, 2026
CVE-2026-4663
5.3 MEDIUM

The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin …

May 12, 2026
CVE-2026-4301
4.3 MEDIUM

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and …

May 12, 2026
CVE-2026-3604
4.9 MEDIUM

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and …

May 12, 2026
CVE-2026-39432
8.2 HIGH

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53.

May 12, 2026
CVE-2026-2993
7.5 HIGH

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to …

May 12, 2026
CVE-2026-2300
6.4 MEDIUM

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. …

May 12, 2026
CVE-2026-35227

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is …

May 12, 2026
CVE-2026-1681
6.1 MEDIUM

Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input …

May 12, 2026
CVE-2026-1185
5.4 MEDIUM

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability …

May 12, 2026
CVE-2026-0804
6.7 MEDIUM

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be …

May 12, 2026
CVE-2026-0802
6.0 MEDIUM

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited …

May 12, 2026
CVE-2026-0541
6.7 MEDIUM

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be …

May 12, 2026
CVE-2026-41872
7.4 HIGH

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication …

May 12, 2026
CVE-2026-41530
3.3 LOW

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with …

May 12, 2026
CVE-2026-7287
7.5 HIGH

** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N …

May 12, 2026
CVE-2026-7257
4.4 MEDIUM

** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow …

May 12, 2026
CVE-2026-7256
8.8 HIGH

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker …

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.