CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0519 In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read th... | 3.4 | LOW | — | 0 |
| CVE-2025-12002 The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient s... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-14075 The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_custo... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14450 The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14632 The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file ... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-15403 The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function being accessible via the 'rm_user_ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12825 The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-58091 Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-13725 The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to i... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14463 The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoin... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0682 The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' ... | 2.2 | LOW | — | 0 |
| CVE-2026-0820 The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signa... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12168 The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all vers... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14029 The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval() function in all versions up to, and in... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12984 The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the u... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-0691 The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'black_email' parameter in all versions up to, and inc... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0808 The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0833 The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and o... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12129 The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14478 The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possib... | 7.5 | HIGH | — | 0 |
| CVE-2025-10484 The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14078 The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_we... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8615 The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0725 The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization a... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1059 A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The m... | 7.3 | HIGH | — | 0 |
| CVE-2026-1063 A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the componen... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1064 A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component Sy... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1105 A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The att... | 7.3 | HIGH | — | 0 |
| CVE-2026-1108 A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer over... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1109 A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Att... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1110 A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-58092 Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1111 A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Ta... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1112 A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.jav... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1118 A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1119 A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activi... | 7.3 | HIGH | — | 0 |
| CVE-2026-1120 A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1121 A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID ... | 7.3 | HIGH | — | 0 |
| CVE-2025-14883 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-68016. Reason: This candidate is a reservation duplicate of CVE-2025-68016. Notes: All CVE users should reference C... | N/A | NONE | — | 0 |
| CVE-2026-1122 A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1123 A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID... | 7.3 | HIGH | — | 0 |
| CVE-2026-0863 Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. T... | 8.5 | HIGH | — | 0 |
| CVE-2026-1124 A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. P... | 7.3 | HIGH | — | 0 |
| CVE-2025-15538 A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1132 A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the... | 7.3 | HIGH | — | 0 |
| CVE-2026-23626 Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that al... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-23644 esm.sh is a no-build content delivery network (CDN) for web development. Prior to Go pseudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incompl... | 7.5 | HIGH | — | 0 |
| CVE-2026-23733 LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute ar... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1129 A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2026-1130 A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argu... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.