CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-25841 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25842 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25843 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25844 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25845 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12159 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1570 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12803 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13463 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15267 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15491 The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as wi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24789 An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15476 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15477 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1082 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1573 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1608 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1611 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1613 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1643 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes i... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2080 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injectio... | 7.2 | HIGH | — | 0 |
| CVE-2026-25859 Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations. | 8.8 | HIGH | — | 0 |
| CVE-2026-2084 A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os comma... | 7.2 | HIGH | — | 0 |
| CVE-2026-2085 A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulati... | 7.2 | HIGH | — | 0 |
| CVE-2026-25560 WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25561 WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId)... | 7.5 | HIGH | — | 0 |
| CVE-2026-25810 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25562 WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards ac... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25563 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25564 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs ... | 7.5 | HIGH | — | 0 |
| CVE-2026-25565 WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25566 WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination a... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25568 WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPriva... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2118 A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation ... | 7.2 | HIGH | — | 0 |
| CVE-2026-2120 A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of... | 7.2 | HIGH | — | 0 |
| CVE-2026-25084 Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15027 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15100 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 8.8 | HIGH | — | 0 |
| CVE-2026-2129 A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipst... | 7.2 | HIGH | — | 0 |
| CVE-2026-2205 A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to inform... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2206 A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Perform... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2207 A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2208 A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2209 A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2137 A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2138 A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2026-2139 A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argum... | 8.8 | HIGH | — | 0 |
| CVE-2026-2140 A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.