Latest CVE Vulnerabilities

2.5 LOW

CVE-2026-20757 — Gallagher Morpho Command Centre Server Denial-of-Service Vulnerability

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command …

| Race Condition

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

5.7 MEDIUM

CVE-2025-47147 — Command Centre Mobile Client Cleartext Storage of Sensitive Information

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the …

| Cryptography

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

9.8 CRITICAL

CVE-2026-2628 — All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauth…

Remote | Authentication

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

8.8 HIGH

CVE-2026-2448 — Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for a…

page_builder | Remote | Path Traversal

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

7.2 HIGH

CVE-2026-2269 — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7…

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.…

uncanny_automator | Remote | Server-Side Request Forgery

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

6.5 MEDIUM

CVE-2026-1487 — LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insuffic…

Remote | Injection

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

8.2 HIGH

CVE-2026-0754 — SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if…

| Cryptography

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

8.8 HIGH

CVE-2026-1566 — LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is …

Remote | Authentication

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

5.3 MEDIUM

CVE-2026-1336 — AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to …

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and ge…

chatgpt_assistant | Remote | Authentication

Mar 03, 2026 Mar 03, 2026

Mar 03, 2026

6.4 MEDIUM

CVE-2026-2583 — Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy…

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization…

blocksy | Remote | Cross-Site Scripting

Mar 02, 2026 Mar 03, 2026

Mar 02, 2026

Mar 03, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences