CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-2019 The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page'... | 7.2 | HIGH | — | 0 |
| CVE-2026-1937 The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yayma... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1857 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1807 The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1666 The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up to, and including, 3.3.46. This is due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1640 The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authoriz... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2641 A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exec... | 3.3 | LOW | — | 0 |
| CVE-2026-2023 The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_pl... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1906 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_cust... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1639 The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, an... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1368 The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK sig... | 7.5 | HIGH | — | 0 |
| CVE-2026-1304 The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficien... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1072 The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin s... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12356 The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12122 The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-11737 The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3 due to insuffici... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2576 The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1931 The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and out... | 7.2 | HIGH | — | 0 |
| CVE-2026-1925 The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in al... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1714 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. Th... | 8.6 | HIGH | — | 0 |
| CVE-2026-1296 The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1277 The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismi... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-6460 The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13959 The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12075 The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to,... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12074 The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which post... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12071 The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12037 The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sani... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | 2.9 | LOW | — | 0 |
| CVE-2026-27038 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27037 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27036 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27035 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27034 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27033 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27032 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27031 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23599 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attac... | 7.8 | HIGH | — | 0 |
| CVE-2026-22048 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible ... | 7.1 | HIGH | — | 0 |
| CVE-2026-1344 Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2570 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-26119 Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | — | 0 |
| CVE-2026-1670 The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62183 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access right... | N/A | NONE | — | 0 |
| CVE-2025-13689 IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. | 8.8 | HIGH | — | 0 |
| CVE-2025-13333 IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2629 A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TT... | 7.3 | HIGH | — | 0 |
| CVE-2026-2627 A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Re... | 7.8 | HIGH | — | 0 |
| CVE-2026-2623 A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the com... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-36348 IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through ... | 4.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.