PUBLIC VULNERABILITY INDEX · NVD · CISA KEV · EPSS

Every CVE, explained.

Look up any vulnerability by ID, vendor, or product. Each entry carries its CVSS score, decoded attack vector, affected versions, exploit signals, and a plain-language summary.

11,003 CVEs indexed
26 Known exploited
1,000 With public PoC
45d Window
2026-07-02 Updated
Recently published

latest 60 of 11,003
CVE ID  Severity  Product / summary  Published

CVE-2026-10095 MEDIUM 6.4 Wp Photo Album Plus — The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' pa… 2026-07-01
CVE-2026-10096 MEDIUM 4.3 Qi Blocks — The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, an… 2026-07-01
CVE-2026-10538 HIGH 8.9 Control M/Enterprise Manager — Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction… 2026-07-01
CVE-2026-10539 CRITICAL 9.5 Control M/Server — A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under c… 2026-07-01
CVE-2026-10540 MEDIUM 5.6 Control M/Enterprise Manager — The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially all… 2026-07-01
CVE-2026-10750 HIGH 8.1 Royal Mcp — The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP to… ● PoC 2026-07-01
CVE-2026-11380 MEDIUM 6.4 Jetwidgets For Elementor — The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up … 2026-07-01
CVE-2026-11387 CRITICAL 9.8 Sms Alert – Sms & Otp For Woocommerce, Order Notifications & Abandoned Cart Recovery — The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress … 2026-07-01
CVE-2026-11562 MEDIUM 4.3 Ws Form Lite — The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-updat… ● PoC 2026-07-01
CVE-2026-11568 HIGH 7.5 Product Configurator For Woocommerce — The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or p… ● PoC 2026-07-01
CVE-2026-11570 MEDIUM 4.2 User Submitted Posts — The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting… ● PoC 2026-07-01
CVE-2026-11794 HIGH 8.1 Advanced Form Integration — Connect Forms To 200+ Apps — The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the… ● PoC 2026-07-01
CVE-2026-11823 HIGH 7.5 Bookingpress Appointment Booking Pro — The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_se… 2026-07-01
CVE-2026-11880 LOW 3.1 Fluent Forms — The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscri… ● PoC 2026-07-01
CVE-2026-11883 HIGH 7.2 Webauthn Provider For Two Factor — The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-fact… ● PoC 2026-07-01
CVE-2026-11887 MEDIUM 4.3 Salon Booking System — The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of… ● PoC 2026-07-01
CVE-2026-11981 MEDIUM 4.3 Givewp – Donation Plugin And Fundraising Platform — The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, … 2026-07-01
CVE-2026-11988 MEDIUM 6.5 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses — The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to… 2026-07-01
CVE-2026-12090 MEDIUM 6.5 Taskbuilder – Project Management & Task Management Tool With Kanban Board — The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerab… 2026-07-01
CVE-2026-12110 MEDIUM 6.5 Taskbuilder – Project Management & Task Management Tool With Kanban Board — The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerab… 2026-07-01
CVE-2026-12113 MEDIUM 4.3 Appointment Booking Calendar — The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all v… 2026-07-01
CVE-2026-12127 MEDIUM 5.3 Wpforms – Ai Form Builder For Wordpress – Contact Forms, Payment Forms, Survey Form, Quiz & More — The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordP… 2026-07-01
CVE-2026-12133 MEDIUM 4.3 Joomsport – For Sports: Team & League, Football, Hockey & More — The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missi… 2026-07-01
CVE-2026-12135 MEDIUM 6.4 Fv Flowplayer Video Player — The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vide… 2026-07-01
CVE-2026-12142 HIGH 7.2 Nex Forms – Ultimate Forms Plugin For Wordpress — The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Sc… 2026-07-01
CVE-2026-12158 HIGH 8.8 Registrationmagic – Custom Registration Forms, User Registration, Payment, And User Login — The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Reques… 2026-07-01
CVE-2026-12224 HIGH 8.8 Dokan Pro — The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint… 2026-07-01
CVE-2026-12374 MEDIUM 6.4 Sdp Client — Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelpe… 2026-07-01
CVE-2026-12408 MEDIUM 4.3 Slim Seo – A Fast & Automated Seo Plugin For Wordpress — The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized … 2026-07-01
CVE-2026-12435 MEDIUM 4.3 Motors – Car Dealership & Classified Listings Plugin — The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization b… 2026-07-01
CVE-2026-12480 MEDIUM 5.5 Keras Team/Keras — Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete f… 2026-07-01
CVE-2026-12575 HIGH 7.5 Dvp80es3 — DVP80ES3 with Improper Resource Shutdown or Release vulnerability. 2026-07-01
CVE-2026-12576 HIGH 7.5 Dvp80es3 — DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnera… 2026-07-01
CVE-2026-12577 HIGH 8.7 Dvp80es3 — DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability. 2026-07-01
CVE-2026-12579 HIGH 7.4 As228t — AS228T with Authentication Bypass Vulnerability 2026-07-01
CVE-2026-12732 MEDIUM 6.4 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses — The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' … 2026-07-01
CVE-2026-12754 MEDIUM 6.1 Vikbooking Hotel Booking Engine & Pms — The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting… 2026-07-01
CVE-2026-12902 MEDIUM 4.3 Kadence Blocks — Page Builder Toolkit For Gutenberg Editor — The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authoriza… 2026-07-01
CVE-2026-12904 MEDIUM 4.3 Kadence Blocks — Page Builder Toolkit For Gutenberg Editor — The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure… 2026-07-01
CVE-2026-12923 HIGH 7.5 Video Gallery – Youtube Gallery, Playlist & Video Grid — The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and inclu… 2026-07-01
CVE-2026-13015 MEDIUM 6.1 Wp Google Review Slider — The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th… 2026-07-01
CVE-2026-13211 MEDIUM 4.3 Genucenter — The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and enc… 2026-07-01
CVE-2026-13228 HIGH 8.8 Latepoint – Calendar Booking Plugin For Appointments And Events — The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Priv… 2026-07-01
CVE-2026-13246 MEDIUM 6.4 Givewp – Donation Plugin And Fundraising Platform — The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site … 2026-07-01
CVE-2026-13323 MEDIUM 4.1 Eclipse Open Vsx — In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Ty… 2026-07-01
CVE-2026-13443 MEDIUM 6.4 Tutor Lms – Elearning And Online Course Solution — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site S… 2026-07-01
CVE-2026-13454 MEDIUM 6.5 Motopress Appointment Booking — The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' para… 2026-07-01
CVE-2026-13468 HIGH 7.5 Visualizer – Tables & Charts Manager With Built In Ai Generator — The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to auth… 2026-07-01
CVE-2026-13602 HIGH 7.7 Pretix — We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any us… 2026-07-01
CVE-2026-13603 CRITICAL 9 Pretix Oppwa — The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potent… 2026-07-01
CVE-2026-13706 N/A 0 Urlshortener — Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associat… 2026-07-01
CVE-2026-13707 N/A 0 Oauth — Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program … 2026-07-01
CVE-2026-13731 HIGH 7.2 Wpbot – Ai Chatbot For Live Support, Lead Generation, Ai Services — The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to St… 2026-07-01
CVE-2026-13733 MEDIUM 6.4 Download Manager — The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Short… 2026-07-01
CVE-2026-13760 HIGH 7 Aws Cdk — OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on a… 2026-07-01
CVE-2026-13769 MEDIUM 6.8 Aws Cli — Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where … 2026-07-01
CVE-2026-14181 HIGH 7.5 @Fastify/Middie — @fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone e… 2026-07-01
CVE-2026-14191 HIGH 7.8 Winrar — An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5:… 2026-07-01
CVE-2026-14193 HIGH 7.5 Dvp80es300t — DVP80ES300T with Improper Validation of Array Index Vulnerability 2026-07-01
CVE-2026-14198 CRITICAL 9.1 @Fastify/Middie — @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before … 2026-07-01

What is a CVE?

A CVE (Common Vulnerabilities and Exposures) is a public identifier for a specific software or hardware flaw. Each gets a unique ID like CVE-2024-3094, a description, and — once analyzed — a CVSS severity score and a list of affected products.

Reading a CVSS score

  • Critical (9.0+): trivially exploitable, severe impact
  • High (7.0–8.9): serious, often remotely exploitable
  • Medium (4.0–6.9): meaningful but conditional
  • Low (0.1–3.9): limited impact or hard to reach

A free, educational vulnerability reference

CVE Almanac is a non-commercial reference for students, developers, and anyone learning how software vulnerabilities are tracked and scored. It is rebuilt daily from public data published by NIST, CISA, and FIRST.