Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,632
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,921 - 2,940 of 40,623 CVEs

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.

Vendor: Unknown
Product: Fluent Forms
Published: Jul 01, 2026
Source: NVD
CVE-2026-11823 HIGH - 7.5

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assign_staffmember_to_slots() function in versions up to and including 5.7.1. This is due to the explicit use of stripslashes_deep() on user-suppli...

Vendor: Repute Infosystems
Product: BookingPress Appointment Booking Pro
Published: Jul 01, 2026
Source: NVD
CVE-2026-11794 HIGH - 8.1

The Advanced Form Integration โ€” Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user r...

Vendor: Unknown
Product: Advanced Form Integration โ€” Connect Forms to 200+ Apps
Published: Jul 01, 2026
Source: NVD
CVE-2026-11570 MEDIUM - 4.2

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled.

Vendor: Unknown
Product: User Submitted Posts
Published: Jul 01, 2026
Source: NVD
CVE-2026-11568 HIGH - 7.5

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data (title, price, weight, stock status, and configur...

Vendor: Unknown
Product: Product Configurator for WooCommerce
Published: Jul 01, 2026
Source: NVD
CVE-2026-11562 MEDIUM - 4.3

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.

Vendor: Unknown
Product: WS Form LITE
Published: Jul 01, 2026
Source: NVD
CVE-2026-10750 HIGH - 8.1

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify, o...

Vendor: Unknown
Product: Royal MCP
Published: Jul 01, 2026
Source: NVD
CVE-2025-15666 MEDIUM - 5.3

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height leads t...

Vendor: Open Asset Import Library
Product: Assimp
Published: Jul 01, 2026
Source: NVD
CVE-2026-9107 MEDIUM - 6.4

The Kali Forms โ€” Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This mak...

Published: Jul 01, 2026
Source: NVD
CVE-2026-7840 CRITICAL - 9.8

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf ca...

Published: Jul 01, 2026
Source: NVD
CVE-2026-7839 CRITICAL - 9.1

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7838 HIGH - 8.8

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field (type CARD32) is passed as reasonLen+1 to CheckBufferSize(). Because both o...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7831 HIGH - 7.6

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer _dn[2024] and calls ReadString(_dn, 2024). ReadStr...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7830 HIGH - 7.4

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be ...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7829 HIGH - 7.2

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte destination) or temp2/temp3 (16-byte destination), the code unconditionally writes...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7828 MEDIUM - 5.3

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) + strlen(line)), where line is derived from HTTP request URIs. If strlen(line) is sufficientl...

Vendor: uvnc
Product: ultravnc
Published: Jul 01, 2026
Source: NVD
CVE-2026-7517 HIGH - 7.2

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unaut...

Published: Jul 01, 2026
Source: NVD
CVE-2026-6070 CRITICAL - 9.1

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessi...

Published: Jul 01, 2026
Source: NVD
CVE-2026-58519 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.

Vendor: The Wikimedia Foundation
Product: Mediawiki - Cargo Extension
Published: Jul 01, 2026
Source: NVD

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

Vendor: The Wikimedia Foundation
Product: Mediawiki - RedirectManager Extension
Published: Jul 01, 2026
Source: NVD