CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-5820
6.4 MEDIUM

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, …

Apr 22, 2026
CVE-2026-5767
6.4 MEDIUM

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 …

Apr 22, 2026
CVE-2026-5748
6.4 MEDIUM

The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 …

Apr 22, 2026
CVE-2026-4353
6.4 MEDIUM

The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up …

Apr 22, 2026
CVE-2026-4280
6.5 MEDIUM

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to …

Apr 22, 2026
CVE-2026-4279
6.4 MEDIUM

The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. …

Apr 22, 2026
CVE-2026-4142
4.4 MEDIUM

The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions …

Apr 22, 2026
CVE-2026-4140
4.3 MEDIUM

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due …

Apr 22, 2026
CVE-2026-4139
4.3 MEDIUM

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete …

Apr 22, 2026
CVE-2026-4138
4.3 MEDIUM

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to …

Apr 22, 2026
CVE-2026-4133
4.3 MEDIUM

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to …

Apr 22, 2026
CVE-2026-4132
7.2 HIGH

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up …

Apr 22, 2026
CVE-2026-4131
6.1 MEDIUM

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is …

Apr 22, 2026
CVE-2026-4128
4.3 MEDIUM

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, …

Apr 22, 2026
CVE-2026-4126
4.3 MEDIUM

The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The …

Apr 22, 2026
CVE-2026-4125
6.4 MEDIUM

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. …

Apr 22, 2026
CVE-2026-4121
4.3 MEDIUM

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce …

Apr 22, 2026
CVE-2026-4119
9.1 CRITICAL

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action …

Apr 22, 2026
CVE-2026-4118
4.3 MEDIUM

The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due …

Apr 22, 2026
CVE-2026-4117
5.3 MEDIUM

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability …

Apr 22, 2026
CVE-2026-4090
6.1 MEDIUM

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing …

Apr 22, 2026
CVE-2026-4089
6.4 MEDIUM

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including …

Apr 22, 2026
CVE-2026-4088
6.4 MEDIUM

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. …

Apr 22, 2026
CVE-2026-4085
6.4 MEDIUM

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all …

Apr 22, 2026
CVE-2026-4082
6.4 MEDIUM

The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. …

Apr 22, 2026
CVE-2026-4076
6.4 MEDIUM

The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to …

Apr 22, 2026
CVE-2026-4074
6.4 MEDIUM

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, …

Apr 22, 2026
CVE-2026-3362
4.4 MEDIUM

The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and …

Apr 22, 2026
CVE-2026-31433
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of …

Apr 22, 2026
CVE-2026-31432
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as …

Apr 22, 2026
CVE-2026-31431
7.8 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the …

Apr 22, 2026
CVE-2026-2719
4.4 MEDIUM

The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. …

Apr 22, 2026
CVE-2026-2717
5.5 MEDIUM

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization …

Apr 22, 2026
CVE-2026-2714
4.4 MEDIUM

The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, …

Apr 22, 2026
CVE-2026-1845
5.5 MEDIUM

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due …

Apr 22, 2026
CVE-2026-1379
4.4 MEDIUM

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to …

Apr 22, 2026
CVE-2026-6842
2.5 LOW

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for …

Apr 22, 2026
CVE-2026-6023
8.1 HIGH

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state …

Apr 22, 2026
CVE-2026-6022
7.5 HIGH

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum …

Apr 22, 2026
CVE-2026-40542
7.3 HIGH

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. …

Apr 22, 2026
CVE-2026-6840
5.5 MEDIUM

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.

Apr 22, 2026
CVE-2026-6839
6.6 MEDIUM

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source …

Apr 22, 2026
CVE-2026-41667
6.6 MEDIUM

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is …

Apr 22, 2026
CVE-2026-41666
6.6 MEDIUM

Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version …

Apr 22, 2026
CVE-2026-41665
6.1 MEDIUM

Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior …

Apr 22, 2026
CVE-2026-41664
6.6 MEDIUM

Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is …

Apr 22, 2026
CVE-2026-40450
6.6 MEDIUM

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected …

Apr 22, 2026
CVE-2026-40449
6.6 MEDIUM

Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version …

Apr 22, 2026
CVE-2026-40448
5.3 MEDIUM

Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is …

Apr 22, 2026
CVE-2026-22754
7.5 HIGH

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet …

Apr 22, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.