Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 153,552 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8875 | MEDIUM | 6.4 | 2026-05-27 | The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'code' (and 'c') shortcode in versions up to, and inclu… | |
| CVE-2026-8873 | MEDIUM | 6.4 | 2026-05-27 | The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insuffic… | |
| CVE-2026-8872 | MEDIUM | 6.4 | 2026-05-27 | The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.… | |
| CVE-2026-8871 | MEDIUM | 6.4 | 2026-05-27 | The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic_link' shortcode in versions up to, and including, 1.1.01. This is … | |
| CVE-2026-8870 | MEDIUM | 6.4 | 2026-05-27 | The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and inc… | |
| CVE-2026-8869 | MEDIUM | 6.4 | 2026-05-27 | The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is… | |
| CVE-2026-8868 | MEDIUM | 6.4 | 2026-05-27 | The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This … | |
| CVE-2026-8867 | MEDIUM | 6.4 | 2026-05-27 | The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and includin… | |
| CVE-2026-8866 | MEDIUM | 6.4 | 2026-05-27 | The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This i… | |
| CVE-2026-8852 | MEDIUM | Patched | 6.2 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. |
| CVE-2026-8847 | MEDIUM | 6.4 | 2026-05-27 | The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitizatio… | |
| CVE-2026-8846 | MEDIUM | 6.4 | 2026-05-27 | The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficie… | |
| CVE-2026-8845 | MEDIUM | 6.4 | 2026-05-27 | The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is du… | |
| CVE-2026-8844 | MEDIUM | 6.4 | 2026-05-27 | The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to … | |
| CVE-2026-8843 | MEDIUM | 6.5 | 2026-05-18 | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index wi… | |
| CVE-2026-8842 | MEDIUM | 6.4 | 2026-05-27 | The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due… | |
| CVE-2026-8839 | MEDIUM | 5.3 | 2026-06-06 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is… | |
| CVE-2026-8837 | MEDIUM | 6.4 | 2026-05-27 | The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and in… | |
| CVE-2026-8830 | MEDIUM | 4.3 | 2026-05-19 | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occu… | |
| CVE-2026-8814 | MEDIUM | Patched | 5.3 | 2026-05-19 | Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata w… |
| CVE-2026-8802 | MEDIUM | 4.3 | 2026-05-18 | A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The … | |
| CVE-2026-8786 | MEDIUM | Patched | 6.3 | 2026-05-18 | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initial… |
| CVE-2026-8784 | MEDIUM | 4.2 | 2026-05-18 | A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in syml… | |
| CVE-2026-8783 | MEDIUM | 4.3 | 2026-05-18 | A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Suc… | |
| CVE-2026-8782 | MEDIUM | 4.3 | 2026-05-18 | A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This… |