CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-2633 The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the `pr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2642 A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointe... | 3.3 | LOW | β | 0 |
| CVE-2026-1655 The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1831 The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX ... | 2.7 | LOW | β | 0 |
| CVE-2026-1860 The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callbac... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1938 The YayMail β WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1941 The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2127 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check o... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2495 The WPNakama β Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' ... | 7.5 | HIGH | β | 0 |
| CVE-2025-11185 The Complianz β GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-59920 When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the βIDClientβ para... | N/A | NONE | β | 0 |
| CVE-2025-14799 The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-7630 Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-8781 The Bookster β WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the βrawβ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-1317 The WP Import β Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `fil... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1582 The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling... | 3.7 | LOW | β | 0 |
| CVE-2026-2386 The The Plus Addons for Elementor β Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and inclu... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14340 Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0,Β <6.34.0,Β <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Paylo... | N/A | NONE | β | 0 |
| CVE-2026-2464 Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted pa... | N/A | NONE | β | 0 |
| CVE-2025-61982 An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution.... | 7.8 | HIGH | β | 0 |
| CVE-2026-1404 The Ultimate Member β User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter p... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1426 The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check... | 8.8 | HIGH | β | 0 |
| CVE-2025-13602 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2025-13933 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference C... | N/A | NONE | β | 0 |
| CVE-2025-13965 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference C... | N/A | NONE | β | 0 |
| CVE-2026-2230 The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation o... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2507 When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | HIGH | β | 0 |
| CVE-2026-23545 Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23547 Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS... | 7.1 | HIGH | β | 0 |
| CVE-2026-20985 Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20986 Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23803 Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-23804 Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Bus... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25363 Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.1... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24375 Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ulti... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24392 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a thro... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-25003 Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-61645 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61649 Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f1... | N/A | NONE | β | 0 |
| CVE-2026-25388 Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-25349 ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-c... | 7.5 | HIGH | β | 0 |
| CVE-2026-22923 A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attack... | 7.8 | HIGH | β | 0 |
| CVE-2025-12774 A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file.Β An attacker with access to Brocade SANnav supp... | 7.5 | HIGH | β | 0 |
| CVE-2025-61652 Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1. | N/A | NONE | β | 0 |
| CVE-2025-61653 Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, ... | N/A | NONE | β | 0 |
| CVE-2025-67480 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25432 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21528 Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-27074 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through <=... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25005 Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This i... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.