Latest CVE Feed
-
0.0
NACVE-2026-23135
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing t... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23134
In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc_nolock() context check for PREEMPT_RT On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current check in kmalloc_nolock() only verifies we're not in NMI o... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23133
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing t... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23132
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind Fix several issues in dw_dp_bind() error handling: 1. Missing return after drm_bridge_attach() failure - the function cont... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2026-2312
The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user co... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1512
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitizatio... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-1843
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2026-1258
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping ... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2026-1254
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific po... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attacker... Read more
Affected Products : mp3_audio_player_for_music\,_radio_\&_podcast- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2026-0550
The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attribut... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-8572
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticate... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-2024
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2026-2022
The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao_smart_forms_get_campaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticate... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-1988
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenate... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the `scheduler_widget_ajax_save_event()` function lacking proper authorization checks and ownership ver... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1985
The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due to the plugin failing to sanitize and validate the URL scheme when storing link URLs fo... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-1944
The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up to, and including, 1.2. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1939
The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attribute... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1915
The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied at... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting