CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-52912
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: hold bridge skb->dev while queued br_pass_frame_up() rewrites skb->dev from the ingress port to …

Jun 24, 2026
CVE-2026-9724
4.3 MEDIUM

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or …

Jun 24, 2026
CVE-2026-9721
4.3 MEDIUM

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is …

Jun 24, 2026
CVE-2026-9710
7.7 HIGH

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call …

Jun 24, 2026
CVE-2026-9709
7.7 HIGH

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the …

Jun 24, 2026
CVE-2026-9643
7.2 HIGH

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and …

Jun 24, 2026
CVE-2026-9620
6.4 MEDIUM

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, …

Jun 24, 2026
CVE-2026-9619
4.3 MEDIUM

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due …

Jun 24, 2026
CVE-2026-9616
4.3 MEDIUM

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin …

Jun 24, 2026
CVE-2026-9612
5.3 MEDIUM

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via …

Jun 24, 2026
CVE-2026-9184
4.3 MEDIUM

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() …

Jun 24, 2026
CVE-2026-9183
4.3 MEDIUM

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is …

Jun 24, 2026
CVE-2026-9179
7.5 HIGH

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to …

Jun 24, 2026
CVE-2026-9178
7.5 HIGH

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST …

Jun 24, 2026
CVE-2026-9175
5.3 MEDIUM

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. …

Jun 24, 2026
CVE-2026-9172
5.3 MEDIUM

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check …

Jun 24, 2026
CVE-2026-8905
6.1 MEDIUM

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to …

Jun 24, 2026
CVE-2026-8896
6.4 MEDIUM

The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of …

Jun 24, 2026
CVE-2026-8865
6.4 MEDIUM

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and …

Jun 24, 2026
CVE-2026-8705
7.5 HIGH

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up …

Jun 24, 2026
CVE-2026-8690
5.3 MEDIUM

The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due …

Jun 24, 2026
CVE-2026-8688
4.3 MEDIUM

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to …

Jun 24, 2026
CVE-2026-8628
6.1 MEDIUM

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient …

Jun 24, 2026
CVE-2026-8622
6.1 MEDIUM

The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, …

Jun 24, 2026
CVE-2026-8617
5.3 MEDIUM

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to …

Jun 24, 2026
CVE-2026-8614
4.3 MEDIUM

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings() …

Jun 24, 2026
CVE-2026-7617
5.3 MEDIUM

The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not …

Jun 24, 2026
CVE-2026-6292
4.3 MEDIUM

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is …

Jun 24, 2026
CVE-2026-4297
8.8 HIGH

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to …

Jun 24, 2026
CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary …

Jun 24, 2026
CVE-2026-12417
9.8 CRITICAL

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, …

Jun 24, 2026
CVE-2026-12416
9.8 CRITICAL

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due …

Jun 24, 2026
CVE-2026-12100
7.2 HIGH

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This …

Jun 24, 2026
CVE-2026-12095
7.2 HIGH

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This …

Jun 24, 2026
CVE-2026-12094
5.3 MEDIUM

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on …

Jun 24, 2026
CVE-2026-11997
4.3 MEDIUM

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing …

Jun 24, 2026
CVE-2026-11370
6.4 MEDIUM

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. …

Jun 24, 2026
CVE-2026-10753
2.7 LOW

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have …

Jun 24, 2026
CVE-2026-10749
7.2 HIGH

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's …

Jun 24, 2026
CVE-2026-10735
7.5 HIGH

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress …

Jun 24, 2026
CVE-2026-10552
4.3 MEDIUM

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or …

Jun 24, 2026
CVE-2026-10531
5.4 MEDIUM

The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, …

Jun 24, 2026
CVE-2026-10092
7.2 HIGH

The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up …

Jun 24, 2026
CVE-2026-10091
7.2 HIGH

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, …

Jun 24, 2026
CVE-2026-12569
KEV

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization …

Jun 18, 2026
CVE-2026-48768
9.3 CRITICAL

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object …

Jun 18, 2026
CVE-2026-48764
8.2 HIGH

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved …

Jun 18, 2026
CVE-2026-54533

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version …

Jun 17, 2026
CVE-2026-54445

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is …

Jun 17, 2026
CVE-2026-53676
7.2 HIGH

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.