Latest CVE Vulnerabilities

7.7 HIGH

CVE-2025-40947 — RUGGEDCOM ROX Remote Command Injection Vulnerability

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…

ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware +5 more | Remote | Injection

May 12, 2026 May 12, 2026

May 12, 2026

8.3 HIGH

CVE-2025-40946 — Siemens Blueplanet Serial Number Credential Derivation Vulnerability

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version…

| Authentication

May 12, 2026 May 12, 2026

May 12, 2026

8.7 HIGH

CVE-2025-40833 — Aruba Networks IPv4 Request Denial of Service

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res…

simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1513-1_pn_firmware simatic_s7-1500_cpu_1515-2_pn_firmware simatic_s7-1500_cpu_1515f-2_pn_firmware simatic_s7-1500_cpu_1516-3_pn\/dp_firmware +104 more | Remote | Denial of Service

May 12, 2026 May 12, 2026

May 12, 2026

6.9 MEDIUM

CVE-2024-54017 — Siemens SIPROTEC 5 Web Server Session Identifier Predictability Vulnerability

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6…

Remote | Authentication

May 12, 2026 May 12, 2026

May 12, 2026

6.4 MEDIUM

CVE-2026-7661 — Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via…

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

6.4 MEDIUM

CVE-2026-7659 — Advanced Social Media Icons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scrip…

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp…

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

5.3 MEDIUM

CVE-2026-7626 — Slek Gateway for WooCommerce <= 1.0 - Unauthenticated Insufficiently Protected Credential…

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…

Remote | Information Disclosure

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-7616 — Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin…

Remote | Cross-Site Request Forgery

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-7562 — WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a…

Remote | Cross-Site Request Forgery

May 12, 2026 May 12, 2026

May 12, 2026

6.1 MEDIUM

CVE-2026-7561 — Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scrip…

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a fu…

Remote | Cross-Site Request Forgery

May 12, 2026 May 12, 2026

May 12, 2026

6.1 MEDIUM

CVE-2026-7464 — WP Google Maps Integration <= 1.2 - Reflected Cross-Site Scripting via 'page' Parameter

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient inp…

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

6.1 MEDIUM

CVE-2026-7437 — AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanit…

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-7050 — Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modif…

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf…

Remote | Authorization

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-6932 — Woo Commerce Minimum Weight <= 3.0.1 - Cross-Site Request Forgery via Settings Update Form

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u…

Remote | Cross-Site Request Forgery

May 12, 2026 May 12, 2026

May 12, 2026

6.4 MEDIUM

CVE-2026-6913 — Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widg…

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization an…

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

6.1 MEDIUM

CVE-2026-6808 — Pricing Tables for WP <= 1.1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input …

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-6710 — Skysa Text Ticker App <= 1.4 - Cross-Site Request Forgery to Settings Modification via 'S…

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa…

Remote | Cross-Site Request Forgery

May 12, 2026 May 12, 2026

May 12, 2026

4.3 MEDIUM

CVE-2026-6709 — Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (S…

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce…

Remote | Authorization

May 12, 2026 May 12, 2026

May 12, 2026

5.3 MEDIUM

CVE-2026-6708 — HEL Online Classroom: AI-powered Online Classrooms <= 1.0.3 - Missing Authorization to Un…

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability che…

Remote | Authorization

May 12, 2026 May 12, 2026

May 12, 2026

7.2 HIGH

CVE-2026-6690 — LifePress <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting via 'n' Parameter via lp…

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the …

Remote | Cross-Site Scripting

May 12, 2026 May 12, 2026

May 12, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences