CVEs from 2026
Total: 13,362
- critical 1,116
- high 3,953
- medium 4,013
- low 420
% Critical: 8.4%
% with KEV: 0.4%
% with exploit: 0.4%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-28863 | medium | 6.5 | 6.5 | 2mo ago | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | |
| CVE-2026-20657 | medium | 6.5 | 6.5 | 2mo ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta… | |
| CVE-2026-33658 | medium | 6.5 | 6.5 | 2mo ago | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests | |
| CVE-2026-4778 | medium | 6.5 | 6.5 | 2mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. T… | |
| CVE-2026-4777 | medium | 6.5 | 6.5 | 2mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulat… | |
| CVE-2026-4749 | medium | 6.5 | 6.5 | 2mo ago | NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0. | |
| CVE-2026-31849 | medium | 6.5 | 6.5 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a … | |
| CVE-2026-31846 | medium | 6.5 | 6.5 | 2mo ago | Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device informa… | |
| CVE-2026-4572 | medium | 6.5 | 6.5 | 2mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request … | |
| CVE-2026-4571 | medium | 6.5 | 6.5 | 2mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP P… | |
| CVE-2026-4569 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manip… | |
| CVE-2026-4568 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulati… | |
| CVE-2026-32896 | medium | 6.5 | 6.5 | 2mo ago | OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) | |
| CVE-2026-32663 | medium | 6.5 | 6.5 | 2mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |
| CVE-2026-27649 | medium | 6.5 | 6.5 | 2mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |
| CVE-2026-32941 | medium | 6.5 | 6.5 | 2mo ago | Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver | |
| CVE-2026-32889 | medium | 6.5 | 6.5 | 2mo ago | Denial of service via non-terminating SYLT frame parsing loop in tinytag | |
| CVE-2026-32022 | medium | 6.5 | 6.5 | 2mo ago | OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass) | |
| CVE-2026-4426 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exte… | |
| CVE-2026-27397 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This is… | |
| CVE-2026-0708 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can… | |
| CVE-2026-28522 | medium | 6.5 | 6.5 | 2mo ago | arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP p… | |
| CVE-2026-32451 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fusion Builder: from n/a th… | |
| CVE-2026-32398 | medium | 6.5 | 6.5 | 3mo ago | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This… | |
| CVE-2026-2673 | medium | 6.5 | 6.5 | 3mo ago | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.… | |
| CVE-2026-32237 | medium | 6.5 | 6.5 | 3mo ago | @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint | |
| CVE-2026-21670 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |
| CVE-2026-21668 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | |
| CVE-2026-3954 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the ar… | |
| CVE-2026-1471 | medium | 6.5 | 6.5 | 3mo ago | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after resta… | |
| CVE-2026-30973 | medium | 6.5 | 6.5 | 3mo ago | @appium/support has a Zip Slip arbitrary file write in its ZIP extraction | |
| CVE-2026-3816 | medium | 6.5 | 6.5 | 3mo ago | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderPa… | |
| CVE-2026-3695 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traver… | |
| CVE-2026-29781 | medium | 6.5 | 6.5 | 3mo ago | Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver | |
| CVE-2026-29771 | medium | 6.5 | 6.5 | 3mo ago | Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint in github.com/gravitl/netmaker | |
| CVE-2026-22723 | medium | 6.5 | 6.5 | 3mo ago | Cloudfoundry UAA has logic error in the token revocation endpoint implementation | |
| CVE-2026-27362 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP … | |
| CVE-2026-23799 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.5. | |
| CVE-2026-22459 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress CTA: from n/a… | |
| CVE-2026-20064 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) co… | |
| CVE-2026-20023 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjace… | |
| CVE-2026-20022 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpe… | |
| CVE-2026-3408 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads t… | |
| CVE-2026-3269 | medium | 6.5 | 6.5 | 3mo ago | PSI Probe: Broken access control can lead to DoS | |
| CVE-2026-3118 | medium | 6.5 | 6.5 | 3mo ago | A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user … | |
| CVE-2026-2984 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID lea… | |
| CVE-2026-2976 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the componen… | |
| CVE-2026-2945 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl… | |
| CVE-2026-2898 | medium | 6.5 | 6.5 | 3mo ago | funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function | |
| CVE-2026-2850 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\s… | |
| CVE-2026-22350 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Le… | |
| CVE-2026-2693 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executi… | |
| CVE-2026-2692 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the a… | |
| CVE-2026-2669 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component Us… | |
| CVE-2026-25729 | medium | 6.5 | 6.5 | 4mo ago | DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated use… | |
| CVE-2026-2009 | medium | 6.5 | 6.5 | 4mo ago | A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead … | |
| CVE-2026-24988 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.… | |
| CVE-2026-24601 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS. This issue affects Penci Pay Writ… | |
| CVE-2026-24600 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS. This issue affects Penci Review: from n/a… | |
| CVE-2026-24591 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS. Th… | |
| CVE-2026-24576 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS. This issue affects UX Flat: from n/a through <= 5.4.0. | |
| CVE-2026-24558 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS. This issue affects ABG Rich Pins: from n/… | |
| CVE-2026-24555 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS. This issue affects ArtPlacer Widget… | |
| CVE-2026-24550 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS. This issue affects Blockons: from n/a through <= 1.2.19. | |
| CVE-2026-24526 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options … | |
| CVE-2026-24379 | medium | 6.5 | 6.5 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP… | |
| CVE-2026-24361 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS. This issue affect… | |
| CVE-2026-24355 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue a… | |
| CVE-2026-22349 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS. This issue affects Menu In Post: from n/… | |
| CVE-2026-1142 | medium | 6.5 | 6.5 | 4mo ago | A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be init… | |
| CVE-2026-0571 | medium | 6.5 | 6.5 | 5mo ago | A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java… | |
| CVE-2026-44462 | medium | 6.4 | 6.4 | 4h ago | Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste… | |
| CVE-2026-4334 | medium | 6.4 | 6.4 | 12h ago | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the [shariff] shortcode in all versions up to, and including, 4.6.20 due to insuf… | |
| CVE-2026-6427 | medium | 6.4 | 6.4 | 13h ago | The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6. This is due to a regex bug in the _filter_videos() method that breaks HT… | |
| CVE-2026-9644 | medium | 6.4 | 6.4 | 15h ago | The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due … | |
| CVE-2026-8042 | medium | 6.4 | 6.4 | 2d ago | The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to in… | |
| CVE-2026-3895 | medium | 6.4 | 6.4 | 2d ago | The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lvca_admin_ajax` AJAX action in all versions up to, and including, 3.9.4 due to… | |
| CVE-2026-2030 | medium | 6.4 | 6.4 | 2d ago | The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[lvca_carousel]` and `[lvca_posts_carousel]` shortcode attributes in all versio… | |
| CVE-2026-3896 | medium | 6.4 | 6.4 | 2d ago | The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lsow_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing auth… | |
| CVE-2026-3897 | medium | 6.4 | 6.4 | 2d ago | The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `labb_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missi… | |
| CVE-2026-8884 | medium | 6.4 | 6.4 | 2d ago | The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sa… | |
| CVE-2026-8867 | medium | 6.4 | 6.4 | 2d ago | The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to in… | |
| CVE-2026-8899 | medium | 6.4 | 6.4 | 2d ago | The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input saniti… | |
| CVE-2026-8040 | medium | 6.4 | 6.4 | 2d ago | The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insuffi… | |
| CVE-2026-8886 | medium | 6.4 | 6.4 | 2d ago | The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title-plane' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitizatio… | |
| CVE-2026-8847 | medium | 6.4 | 6.4 | 2d ago | The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on th… | |
| CVE-2026-8844 | medium | 6.4 | 6.4 | 2d ago | The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitiza… | |
| CVE-2026-8875 | medium | 6.4 | 6.4 | 2d ago | The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'code' (and 'c') shortcode in versions up to, and including, 1.0.2. This is due to… | |
| CVE-2026-8894 | medium | 6.4 | 6.4 | 2d ago | The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `iwrtooltip` shortcode in versions up to, and including, 1.0. This is due to insufficient input sani… | |
| CVE-2026-8845 | medium | 6.4 | 6.4 | 2d ago | The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input san… | |
| CVE-2026-8873 | medium | 6.4 | 6.4 | 2d ago | The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and… | |
| CVE-2026-8846 | medium | 6.4 | 6.4 | 2d ago | The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and o… | |
| CVE-2026-8891 | medium | 6.4 | 6.4 | 2d ago | The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to insufficient input sanitizat… | |
| CVE-2026-8871 | medium | 6.4 | 6.4 | 2d ago | The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic_link' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input s… | |
| CVE-2026-8048 | medium | 6.4 | 6.4 | 2d ago | The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 d… | |
| CVE-2026-8872 | medium | 6.4 | 6.4 | 2d ago | The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insuffici… | |
| CVE-2026-8869 | medium | 6.4 | 6.4 | 2d ago | The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input … | |
| CVE-2026-8898 | medium | 6.4 | 6.4 | 2d ago | The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitizati… | |
| CVE-2026-8866 | medium | 6.4 | 6.4 | 2d ago | The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input… | |
| CVE-2026-8701 | medium | 6.4 | 6.4 | 2d ago | The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the `title-ticker-slide`, `title-ticker-fade`, and `title-ticker-typing` shortcodes. Th… |