CVE-2023-46945 - QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

CVE-2026-33753 - rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161.

CVE-2026-33229 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2026-31040 - A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-s

CVE-2026-39865 - Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and pri

CVE-2026-39410 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39409 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39408 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39407 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39406 - @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling

CVE-2026-39394 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39393 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39392 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39391 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39390 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39389 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-5795 - In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two Th

CVE-2026-35023 - Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulner

CVE-2026-31411 - In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unva

CVE-2026-2509 - The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2025-58713 - A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images

CVE-2025-57854 - A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. T

CVE-2025-57853 - A container privilege escalation flaw was found in certain Web Terminal images. This issue stems fro

CVE-2025-57851 - A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images

CVE-2025-57847 - A container privilege escalation flaw was found in certain Ansible Automation Platform images. This

CVE-2025-14816 - Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 ver

CVE-2025-14815 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 1

CVE-2026-5600 - A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a sp

CVE-2026-5302 - CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers

CVE-2026-5301 - Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers t

CVE-2026-5300 - Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attacke

CVE-2026-4402 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-28261 - Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0

CVE-2026-27102 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, con

CVE-2026-24511 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, con

CVE-2026-5208 - Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to

CVE-2026-3396 - WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'po

CVE-2026-3243 - The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to in

CVE-2026-2481 - The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable t

CVE-2026-28264 - Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assign

CVE-2026-1865 - The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, Us

CVE-2026-1673 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for

CVE-2026-1672 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for

CVE-2026-4303 - The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Sit

CVE-2026-4300 - The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading

CVE-2026-4073 - The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' short

CVE-2026-4025 - The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'a

CVE-2026-39716 - Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Conf

CVE-2026-39715 - Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-l

CVE-2026-39714 - Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrect

CVE-2026-39713 - Missing Authorization vulnerability in mailercloud Mailercloud &#8211; Integrate webforms and synchr

CVE-2026-39712 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDi

CVE-2026-39711 - Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions r

CVE-2026-39710 - Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions a

CVE-2026-39709 - Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-

CVE-2026-39708 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39707 - Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contac

CVE-2026-39706 - Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incor

CVE-2026-39705 - Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync all

CVE-2026-39704 - Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing &#

CVE-2026-39703 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39702 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39701 - Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configu

CVE-2026-39700 - Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured

CVE-2026-39699 - Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-li

CVE-2026-39698 - Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-a

CVE-2026-39697 - Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio

CVE-2026-39696 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39695 - Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Reque

CVE-2026-39694 - Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appoint

CVE-2026-39693 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39692 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39691 - Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto

CVE-2026-39690 - Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows E

CVE-2026-39689 - Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploitin

CVE-2026-39688 - Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exp

CVE-2026-39687 - Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-dat

CVE-2026-39686 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersk

CVE-2026-39685 - Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Inco

CVE-2026-39684 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39683 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39682 - Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploi

CVE-2026-39681 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39680 - Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculat

CVE-2026-39679 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39678 - Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Expl

CVE-2026-39677 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39676 - Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting

CVE-2026-39675 - Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiti

CVE-2026-39674 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39673 - Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorre

CVE-2026-39672 - Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discoun

CVE-2026-39671 - Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-co

CVE-2026-39670 - Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview a

CVE-2026-39669 - Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly C

CVE-2026-39668 - Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woo

CVE-2026-39667 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39666 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39665 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39664 - Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly C

CVE-2026-39663 - Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allo

CVE-2026-39662 - Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product

CVE-2026-39660 - Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting In

CVE-2026-39659 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39658 - Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-fi

CVE-2026-39657 - Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploitin

CVE-2026-39656 - Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploit

CVE-2026-39654 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39653 - Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-confere

CVE-2026-39652 - Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploitin

CVE-2026-39651 - Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting I

CVE-2026-39650 - Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allo

CVE-2026-39649 - Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrect

CVE-2026-39648 - Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly

CVE-2026-39647 - Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podca

CVE-2026-39646 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39645 - Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce globa

CVE-2026-39644 - Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploitin

CVE-2026-39643 - Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntp

CVE-2026-39641 - Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site

CVE-2026-39640 - Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Cod

CVE-2026-39639 - Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allow

CVE-2026-39638 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39637 - Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured A

CVE-2026-39636 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39635 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cr

CVE-2026-39634 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows

CVE-2026-39633 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows

CVE-2026-39632 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site

CVE-2026-39631 - Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiti

CVE-2026-39630 - Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Se

CVE-2026-39629 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39628 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39627 - Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Ac

CVE-2026-39626 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39625 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39624 - Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Conf

CVE-2026-39623 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39622 - Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting In

CVE-2026-39621 - Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a

CVE-2026-39620 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Up

CVE-2026-39619 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a

CVE-2026-39618 - Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Requ

CVE-2026-39617 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cros

CVE-2026-39616 - Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments down

CVE-2026-39615 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39614 - Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exp

CVE-2026-39613 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39612 - Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Co

CVE-2026-39611 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39610 - Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorr

CVE-2026-39609 - Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrect

CVE-2026-39608 - Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exp

CVE-2026-39607 - Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly

CVE-2026-39606 - Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectl

CVE-2026-39605 - Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiti

CVE-2026-39604 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39603 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography all

CVE-2026-39602 - Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting In

CVE-2026-39592 - Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows

CVE-2026-39588 - Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-an

CVE-2026-39586 - Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer

CVE-2026-39585 - Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Con

CVE-2026-39575 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39572 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeop

CVE-2026-39571 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic

CVE-2026-39570 - Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting Li

CVE-2026-39569 - Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allo

CVE-2026-39566 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designin

CVE-2026-39565 - Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploit

CVE-2026-39564 - Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo

CVE-2026-39563 - Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Inc

CVE-2026-39562 - Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices

CVE-2026-39561 - Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Co

CVE-2026-39544 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39543 - Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Config

CVE-2026-39542 - Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommer

CVE-2026-39541 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39538 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39536 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill

CVE-2026-39535 - Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api

CVE-2026-39528 - Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting

CVE-2026-39526 - Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows

CVE-2026-39521 - Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allow

CVE-2026-39520 - Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured

CVE-2026-39517 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39516 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH

CVE-2026-39510 - Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final

CVE-2026-39509 - Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C

CVE-2026-39508 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39506 - Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting In

CVE-2026-39505 - Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod

CVE-2026-39504 - Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Inc

CVE-2026-39501 - Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploitin

CVE-2026-39500 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39497 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39496 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39495 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39488 - Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Conf

CVE-2026-39487 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39486 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39485 - Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploi

CVE-2026-39484 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hi

CVE-2026-39483 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39482 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39479 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39477 - Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorr

CVE-2026-39476 - Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting

CVE-2026-39475 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39473 - Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History sim

CVE-2026-39469 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softacul

CVE-2026-39466 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39464 - Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction &

CVE-2026-33088 - Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an a

CVE-2026-25776 - Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an a

CVE-2026-1396 - The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-4655 - The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-4654 - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Inse

CVE-2026-4483 - An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utili

CVE-2026-4330 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat

CVE-2026-5508 - The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wow

CVE-2026-5506 - The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` s

CVE-2026-5169 - The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-5167 - The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vul

CVE-2026-4871 - The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-4808 - The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads d

CVE-2026-4338 - The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowe

CVE-2026-4141 - The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-3781 - The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' para

CVE-2026-3618 - The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-3594 - The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in

CVE-2026-3535 - The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to m

CVE-2026-3480 - The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to an

CVE-2026-3477 - The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-3142 - The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored C

CVE-2026-2838 - The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2025-1794 - The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded S

CVE-2026-5083 - Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is gen

CVE-2026-5082 - Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure sessi

CVE-2026-3311 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom

CVE-2026-33273 - Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If

CVE-2026-27787 - Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is

CVE-2026-24913 - SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exp

CVE-2026-4785 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-4341 - The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri

CVE-2026-4333 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-4299 - The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-4003 - The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User

CVE-2026-3646 - The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authoriz

CVE-2026-3600 - The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-annou