Latest CVE Feed
-
7.2
HIGHCVE-2026-0779
ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to expl... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-0795
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to ex... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2021-47892
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially ... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-15380
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-0807
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for u... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2025-59473
SQL Injection vulnerability in the Structure for Admin authenticated user... Read more
Affected Products : expressionengine- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-21417
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more
Affected Products : cloudboost_virtual_appliance- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. Th... Read more
Affected Products : churchcrm- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-68030
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2026-1841
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11.2.0 due to insuff... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-1316
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products : customer_reviews_for_woocommerce- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-1843
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-0653
On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authorization
-
7.2
HIGHCVE-2026-1844
The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and out... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-1320
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output es... Read more
Affected Products : secure_copy_content_protection_and_content_locking- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-0745
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download_language()' function. This makes it possible for authenticated attackers... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2026-0753
The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.... Read more
Affected Products : blesta- Published: Feb. 03, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-2134
A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be ... Read more
- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-23572
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit c... Read more
Affected Products : remote- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization