Latest Vulnerabilities
Latest Found
The latest vulnerability announcements
- CVE-2026-1582 - WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling
- CVE-2026-1317 - WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
- CVE-2025-8781 - Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw'
- CVE-2026-2386 - The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type'
- CVE-2025-14799 - Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling
- CVE-2025-7630 - OTP Password Brute Forcing in DorukNet's Wispotter
- CVE-2026-1942 - Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification
- CVE-2026-2426 - WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter
- CVE-2026-2653 - admesh normals.c stl_check_normal_vector heap-based overflow
- CVE-2025-14444 - RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment
CISA Advisories
The latest advisories from CISA
- CISA Adds Four Known Exploited Vulnerabilities to Catalog
- Siemens Simcenter Femap and Nastran
- GE Vernova Enervista UR Setup
- Delta Electronics ASDA-Soft
- Honeywell CCTV Products
- CISA Adds One Known Exploited Vulnerability to Catalog
- Siemens Solid Edge
- CISA Adds Four Known Exploited Vulnerabilities to Catalog
- Siemens Siveillance Video Management Servers
- Hitachi Energy SuprOS
