CVE-2026-4581 - A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown fu

CVE-2026-4628 - A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Ac

CVE-2026-4580 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unkn

CVE-2026-4579 - A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown f

CVE-2026-4578 - A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an

CVE-2026-3587 - An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the res

CVE-2026-4577 - A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unkn

CVE-2026-23555 - Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/"

CVE-2026-23554 - The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p

CVE-2025-6229 - The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Fo

CVE-2025-13997 - The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets fo

CVE-2026-4603 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASet

CVE-2026-4602 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numer

CVE-2026-4601 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the

CVE-2026-4600 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptogra

CVE-2026-4599 - Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparis

CVE-2026-4598 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse

CVE-2026-4576 - A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown fun

CVE-2026-4575 - A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown pro

CVE-2026-4574 - A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affe

CVE-2026-4573 - A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affe

CVE-2026-1969 - The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its A

CVE-2025-10734 - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Sche

CVE-2025-10731 - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Sche

CVE-2025-10679 - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Sche

CVE-2026-4572 - A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this is

CVE-2026-4571 - A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by th

CVE-2026-4570 - A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unkn

CVE-2025-10736 - The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Sche

CVE-2026-4569 - A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unk

CVE-2026-4568 - A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown

CVE-2026-4567 - A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function Upload

CVE-2026-4566 - A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of

CVE-2026-4606 - GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level priv

CVE-2026-4565 - A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of t

CVE-2026-4564 - A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects so

CVE-2026-4563 - A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the functi

CVE-2026-4562 - A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the fi

CVE-2026-2580 - The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for

CVE-2026-4558 - A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure

CVE-2026-4557 - A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown func

CVE-2026-4555 - A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasy

CVE-2026-4554 - A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function Form

CVE-2026-33319 - WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` m

CVE-2026-33296 - WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open re

CVE-2026-33295 - WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored c

CVE-2026-33294 - WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save end

CVE-2026-33293 - WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `

CVE-2026-33292 - WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`vi

CVE-2026-4553 - A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the f

CVE-2026-4552 - A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer

CVE-2026-4551 - A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeCli

CVE-2026-4550 - A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects

CVE-2026-4549 - A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the func

CVE-2026-4548 - A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerabil

CVE-2026-4547 - A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is t

CVE-2026-4546 - A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in

CVE-2019-25619 - FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field th

CVE-2019-25618 - AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash t

CVE-2019-25617 - Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function th

CVE-2019-25616 - AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to cra

CVE-2019-25615 - Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability t

CVE-2019-25614 - Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows

CVE-2019-25613 - Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to cras

CVE-2019-25612 - Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability

CVE-2019-25611 - MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows

CVE-2019-25610 - NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows

CVE-2019-25609 - JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Director

CVE-2019-25608 - Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users t

CVE-2019-25607 - Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allo

CVE-2019-25606 - Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers t

CVE-2019-25605 - EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensiti

CVE-2019-25604 - DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling

CVE-2019-25603 - TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allo

CVE-2019-25602 - GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the

CVE-2019-25601 - UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe propert

CVE-2019-25600 - UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash th

CVE-2019-25599 - Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to

CVE-2019-25598 - HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers

CVE-2019-25597 - NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that

CVE-2019-25596 - SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows

CVE-2019-25595 - jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to

CVE-2019-25594 - ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash t

CVE-2019-25593 - jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash t

CVE-2019-25592 - PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the a

CVE-2019-25591 - DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration

CVE-2019-25590 - Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local

CVE-2026-4115 - A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto

CVE-2026-4545 - A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown functi

CVE-2026-4544 - A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the

CVE-2026-4543 - A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function

CVE-2026-4542 - A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the fi

CVE-2026-4541 - A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the fi

CVE-2026-4540 - A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects so

CVE-2026-4539 - A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function A

CVE-2026-4538 - A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the

CVE-2026-4537 - A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function a

CVE-2026-4536 - A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects

CVE-2026-4535 - A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function Wrlcl

CVE-2026-4534 - A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file

CVE-2026-4314 - The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege E

CVE-2026-3427 - The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnera

CVE-2026-4533 - A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issu

CVE-2026-33550 - SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length

CVE-2026-33549 - SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator pr

CVE-2025-71276 - SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

CVE-2026-4532 - A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. A

CVE-2026-4531 - A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete

CVE-2019-25589 - ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings

CVE-2019-25588 - BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address fie

CVE-2019-25587 - BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path co

CVE-2019-25586 - Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the ap

CVE-2019-25585 - Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the ap

CVE-2019-25584 - RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settin

CVE-2019-25583 - RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local

CVE-2026-4530 - A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function o

CVE-2026-4529 - A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_coun

CVE-2026-3629 - The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation

CVE-2026-4528 - A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function valid

CVE-2026-2756 - A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unk

CVE-2019-25582 - i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attacke

CVE-2019-25581 - i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to ex

CVE-2019-25580 - ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute

CVE-2019-25579 - phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attac

CVE-2019-25578 - phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execut

CVE-2019-25577 - SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated a

CVE-2019-25576 - Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated atta

CVE-2019-25575 - SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers

CVE-2019-25574 - Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to downloa

CVE-2019-25573 - Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute

CVE-2026-4516 - A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unkno

CVE-2019-25572 - NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the a

CVE-2019-25571 - MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash t

CVE-2019-25570 - RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attac

CVE-2019-25569 - RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo P

CVE-2019-25568 - Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users

CVE-2019-25567 - Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the conne

CVE-2019-25566 - TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local at

CVE-2019-25565 - Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registrati

CVE-2019-25564 - PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash

CVE-2019-25563 - PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash

CVE-2019-25562 - jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows

CVE-2019-25561 - Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash th

CVE-2019-25560 - Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash th

CVE-2019-25559 - SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field th

CVE-2019-25558 - Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allo

CVE-2019-25557 - TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers

CVE-2019-25556 - TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image functio

CVE-2019-25555 - TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder comp

CVE-2019-25554 - Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers

CVE-2019-25553 - CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to

CVE-2019-25552 - CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the

CVE-2019-25551 - Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the a

CVE-2019-25550 - Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the ap

CVE-2019-25549 - VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to

CVE-2019-25548 - BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to cra

CVE-2019-25547 - NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows loca

CVE-2019-25546 - NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local att

CVE-2019-25545 - Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers

CVE-2019-25544 - Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the ap

CVE-2026-4515 - A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function c

CVE-2026-4514 - A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality

CVE-2026-4513 - A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the fu

CVE-2026-4511 - A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function e

CVE-2026-4510 - A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of

CVE-2026-4373 - The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in a

CVE-2026-4509 - A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of th

CVE-2026-4261 - The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, a

CVE-2026-4161 - The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4143 - The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in

CVE-2026-4127 - The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-4087 - The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids'

CVE-2026-4086 - The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat'

CVE-2026-4084 - The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-4077 - The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4072 - The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4069 - The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n

CVE-2026-4067 - The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcod

CVE-2026-4022 - The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cr

CVE-2026-4004 - The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search

CVE-2026-3997 - The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' sh

CVE-2026-3996 - The WP Games Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [game]

CVE-2026-3651 - The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to

CVE-2026-3645 - The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all

CVE-2026-3641 - The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, an

CVE-2026-3619 - The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles'

CVE-2026-3617 - The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amou

CVE-2026-3570 - The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up t

CVE-2026-3554 - The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-3546 - The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all

CVE-2026-3506 - The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versi

CVE-2026-3478 - The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in

CVE-2026-3460 - The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference i

CVE-2026-3354 - The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Widt

CVE-2026-3353 - The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AP

CVE-2026-3347 - The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-3335 - The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and inc

CVE-2026-3334 - The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blo

CVE-2026-3333 - The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-3332 - The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery i

CVE-2026-3331 - The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in v

CVE-2026-3003 - The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-2941 - The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of dat

CVE-2026-2837 - The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-2723 - The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2026-2720 - The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee da

CVE-2026-2503 - The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[c

CVE-2026-2501 - The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2026-2496 - The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2026-2468 - The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in

CVE-2026-2440 - The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to

CVE-2026-2427 - The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from

CVE-2026-2424 - The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-2375 - The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable

CVE-2026-2351 - The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, an

CVE-2026-2294 - The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vuln

CVE-2026-2290 - The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all vers

CVE-2026-2279 - The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_orde

CVE-2026-2277 - The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' an

CVE-2026-2121 - The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add

CVE-2026-1935 - The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all ve

CVE-2026-1914 - The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fuse

CVE-2026-1911 - The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_t

CVE-2026-1908 - The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-1899 - The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin

CVE-2026-1891 - The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-1889 - The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute

CVE-2026-1886 - The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2026-1854 - The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-1851 - The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'w

CVE-2026-1822 - The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-1806 - The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-S

CVE-2026-1800 - The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via

CVE-2026-1648 - The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all ver

CVE-2026-1647 - The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_S

CVE-2026-1575 - The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi

CVE-2026-1503 - The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-

CVE-2026-1397 - The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2026-1393 - The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Si

CVE-2026-1392 - The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio

CVE-2026-1390 - The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-1378 - The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio

CVE-2026-1313 - The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all ve

CVE-2026-1278 - The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett

CVE-2026-1275 - The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-1253 - The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modificat

CVE-2026-1247 - The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in a

CVE-2026-1093 - The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cr

CVE-2026-0609 - The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is v

CVE-2025-14037 - The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path tr