CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-1084 The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input s... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-1088 The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion_loginform_proc... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1095 The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitizati... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1099 The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to ins... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1103 The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-1257 The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is d... | 7.5 | HIGH | β | 0 |
| CVE-2025-13194 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14630 The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSetting... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14907 The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the msp_admin_page(... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15516 The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0800 The User Submitted Posts β Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including,... | 7.2 | HIGH | β | 0 |
| CVE-2026-1098 The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to insufficient input sanitizatio... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1127 The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1189 The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_id' parameter of the 'leadbi_form' shortcode in all versions up to, and including, 1.7 d... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1208 The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1266 The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output esca... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-1300 The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sani... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-13920 The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0911 The Hustle β Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function ... | 7.5 | HIGH | β | 0 |
| CVE-2026-0862 The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βoptionsβ parameter in all versions up to, and including, 4.5.5 due to insufficient inpu... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0593 The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all vers... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-6461 The CubeWP β All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1406 A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of ... | 3.5 | LOW | β | 0 |
| CVE-2020-36931 Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat nam... | 6.4 | MEDIUM | β | 0 |
| CVE-2020-36932 SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' b... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-36933 HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with e... | 7.8 | HIGH | β | 0 |
| CVE-2020-36934 Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | β | 0 |
| CVE-2020-36935 KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquo... | 7.8 | HIGH | β | 0 |
| CVE-2020-36936 Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elev... | 7.8 | HIGH | β | 0 |
| CVE-2020-36937 Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | β | 0 |
| CVE-2026-24805 NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue aff... | N/A | NONE | β | 0 |
| CVE-2026-24806 Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). Thi... | N/A | NONE | β | 0 |
| CVE-2026-1407 A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclosu... | 2.0 | LOW | β | 0 |
| CVE-2026-1408 A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password ... | 2.0 | LOW | β | 0 |
| CVE-2026-1409 A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper r... | 2.0 | LOW | β | 0 |
| CVE-2026-1410 A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1411 A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-24807 Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulner... | N/A | NONE | β | 0 |
| CVE-2026-1412 A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the com... | 7.3 | HIGH | β | 0 |
| CVE-2026-1413 A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the compon... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1414 A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the comp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1419 A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument Light... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1420 A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote explo... | 8.8 | HIGH | β | 0 |
| CVE-2026-1421 A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack c... | 3.5 | LOW | β | 0 |
| CVE-2026-1422 A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a ma... | 7.3 | HIGH | β | 0 |
| CVE-2026-1423 A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1424 A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initia... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-27821 Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the i... | 7.3 | HIGH | β | 0 |
| CVE-2025-41082 Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length ... | N/A | NONE | β | 0 |
| CVE-2025-41083 Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.