PUBLIC VULNERABILITY INDEX · NVD · CISA KEV · EPSS
Every CVE, explained.
Look up any vulnerability by ID, vendor, or product. Each entry carries its CVSS score, decoded attack vector, affected versions, exploit signals, and a plain-language summary.
11,003 CVEs indexed
26 Known exploited
1,000 With public PoC
45d Window
2026-07-02 Updated
Severity mix
Recently published
latest 60 of 11,003
CVE ID · Severity · Product / summary · Published
CVE-2026-10095
MEDIUM 6.4
Wp Photo Album Plus — The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' pa…
2026-07-01
CVE-2026-10096
MEDIUM 4.3
Qi Blocks — The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, an…
2026-07-01
CVE-2026-10538
HIGH 8.9
Control M/Enterprise Manager — Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction…
2026-07-01
CVE-2026-10539
CRITICAL 9.5
Control M/Server — A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under c…
2026-07-01
CVE-2026-10540
MEDIUM 5.6
Control M/Enterprise Manager — The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially all…
2026-07-01
CVE-2026-10750
HIGH 8.1
Royal Mcp — The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP to… ● PoC
2026-07-01
CVE-2026-11380
MEDIUM 6.4
Jetwidgets For Elementor — The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up …
2026-07-01
CVE-2026-11387
CRITICAL 9.8
Sms Alert – Sms & Otp For Woocommerce, Order Notifications & Abandoned Cart Recovery — The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress …
2026-07-01
CVE-2026-11562
MEDIUM 4.3
Ws Form Lite — The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-updat… ● PoC
2026-07-01
CVE-2026-11568
HIGH 7.5
Product Configurator For Woocommerce — The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or p… ● PoC
2026-07-01
CVE-2026-11570
MEDIUM 4.2
User Submitted Posts — The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting… ● PoC
2026-07-01
CVE-2026-11794
HIGH 8.1
Advanced Form Integration — Connect Forms To 200+ Apps — The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the… ● PoC
2026-07-01
CVE-2026-11823
HIGH 7.5
Bookingpress Appointment Booking Pro — The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_se…
2026-07-01
CVE-2026-11880
LOW 3.1
Fluent Forms — The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscri… ● PoC
2026-07-01
CVE-2026-11883
HIGH 7.2
Webauthn Provider For Two Factor — The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-fact… ● PoC
2026-07-01
CVE-2026-11887
MEDIUM 4.3
Salon Booking System — The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of… ● PoC
2026-07-01
CVE-2026-11981
MEDIUM 4.3
Givewp – Donation Plugin And Fundraising Platform — The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, …
2026-07-01
CVE-2026-11988
MEDIUM 6.5
Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses — The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to…
2026-07-01
CVE-2026-12090
MEDIUM 6.5
Taskbuilder – Project Management & Task Management Tool With Kanban Board — The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerab…
2026-07-01
CVE-2026-12110
MEDIUM 6.5
Taskbuilder – Project Management & Task Management Tool With Kanban Board — The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerab…
2026-07-01
CVE-2026-12113
MEDIUM 4.3
Appointment Booking Calendar — The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all v…
2026-07-01
CVE-2026-12127
MEDIUM 5.3
Wpforms – Ai Form Builder For Wordpress – Contact Forms, Payment Forms, Survey Form, Quiz & More — The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordP…
2026-07-01
CVE-2026-12133
MEDIUM 4.3
Joomsport – For Sports: Team & League, Football, Hockey & More — The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missi…
2026-07-01
CVE-2026-12135
MEDIUM 6.4
Fv Flowplayer Video Player — The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vide…
2026-07-01
CVE-2026-12142
HIGH 7.2
Nex Forms – Ultimate Forms Plugin For Wordpress — The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Sc…
2026-07-01
CVE-2026-12158
HIGH 8.8
Registrationmagic – Custom Registration Forms, User Registration, Payment, And User Login — The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Reques…
2026-07-01
CVE-2026-12224
HIGH 8.8
Dokan Pro — The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint…
2026-07-01
CVE-2026-12374
MEDIUM 6.4
Sdp Client — Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelpe…
2026-07-01
CVE-2026-12408
MEDIUM 4.3
Slim Seo – A Fast & Automated Seo Plugin For Wordpress — The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized …
2026-07-01
CVE-2026-12435
MEDIUM 4.3
Motors – Car Dealership & Classified Listings Plugin — The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization b…
2026-07-01
CVE-2026-12480
MEDIUM 5.5
Keras Team/Keras — Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete f…
2026-07-01
CVE-2026-12575
HIGH 7.5
Dvp80es3 — DVP80ES3 with Improper Resource Shutdown or Release vulnerability.
2026-07-01
CVE-2026-12576
HIGH 7.5
Dvp80es3 — DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnera…
2026-07-01
CVE-2026-12577
HIGH 8.7
Dvp80es3 — DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.
2026-07-01
CVE-2026-12579
HIGH 7.4
As228t — AS228T with Authentication Bypass Vulnerability
2026-07-01
CVE-2026-12732
MEDIUM 6.4
Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses — The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' …
2026-07-01
CVE-2026-12754
MEDIUM 6.1
Vikbooking Hotel Booking Engine & Pms — The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting…
2026-07-01
CVE-2026-12902
MEDIUM 4.3
Kadence Blocks — Page Builder Toolkit For Gutenberg Editor — The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authoriza…
2026-07-01
CVE-2026-12904
MEDIUM 4.3
Kadence Blocks — Page Builder Toolkit For Gutenberg Editor — The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure…
2026-07-01
CVE-2026-12923
HIGH 7.5
Video Gallery – Youtube Gallery, Playlist & Video Grid — The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and inclu…
2026-07-01
CVE-2026-13015
MEDIUM 6.1
Wp Google Review Slider — The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th…
2026-07-01
CVE-2026-13211
MEDIUM 4.3
Genucenter — The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and enc…
2026-07-01
CVE-2026-13228
HIGH 8.8
Latepoint – Calendar Booking Plugin For Appointments And Events — The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Priv…
2026-07-01
CVE-2026-13246
MEDIUM 6.4
Givewp – Donation Plugin And Fundraising Platform — The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site …
2026-07-01
CVE-2026-13323
MEDIUM 4.1
Eclipse Open Vsx — In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Ty…
2026-07-01
CVE-2026-13443
MEDIUM 6.4
Tutor Lms – Elearning And Online Course Solution — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site S…
2026-07-01
CVE-2026-13454
MEDIUM 6.5
Motopress Appointment Booking — The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' para…
2026-07-01
CVE-2026-13468
HIGH 7.5
Visualizer – Tables & Charts Manager With Built In Ai Generator — The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to auth…
2026-07-01
CVE-2026-13602
HIGH 7.7
Pretix — We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any us…
2026-07-01
CVE-2026-13603
CRITICAL 9
Pretix Oppwa — The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potent…
2026-07-01
CVE-2026-13706
N/A 0
Urlshortener — Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associat…
2026-07-01
CVE-2026-13707
N/A 0
Oauth — Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program …
2026-07-01
CVE-2026-13731
HIGH 7.2
Wpbot – Ai Chatbot For Live Support, Lead Generation, Ai Services — The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to St…
2026-07-01
CVE-2026-13733
MEDIUM 6.4
Download Manager — The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Short…
2026-07-01
CVE-2026-13760
HIGH 7
Aws Cdk — OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on a…
2026-07-01
CVE-2026-13769
MEDIUM 6.8
Aws Cli — Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where …
2026-07-01
CVE-2026-14181
HIGH 7.5
@Fastify/Middie — @fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone e…
2026-07-01
CVE-2026-14191
HIGH 7.8
Winrar — An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5:…
2026-07-01
CVE-2026-14193
HIGH 7.5
Dvp80es300t — DVP80ES300T with Improper Validation of Array Index Vulnerability
2026-07-01
CVE-2026-14198
CRITICAL 9.1
@Fastify/Middie — @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before …
2026-07-01
Browse by vendor
Google 1310
Linux 973
Red Hat 475
Oracle Corporation 268
Microsoft 250
Apache Software Foundation 160
Adobe 140
Ibm 117
Mozilla 85
Spring 73
Unknown 72
Sourcecodester 71
Edimax 69
Openclaw 67
Capgo 61
Apple 58
Themerex 58
Nvidia 56
Mattermost 54
Itsourcecode 53
Imagemagick 49
Jenkins Project 49
Concrete Cms 46
Mb Connect Line 43
Dell 42
Helmholz 42
Totolink 39
Open Ises 37
Acer 36
Picklescan 34
Netatalk 33
Code Projects 32
Jetbrains 32
Gitlab 32
Wolfssl 32
Misp 32
What is a CVE?
A CVE (Common Vulnerabilities and Exposures) is a public identifier for a specific software or hardware flaw. Each gets a unique ID like CVE-2024-3094, a description, and — once analyzed — a CVSS severity score and a list of affected products.
Reading a CVSS score
- Critical (9.0+): trivially exploitable, severe impact
- High (7.0–8.9): serious, often remotely exploitable
- Medium (4.0–6.9): meaningful but conditional
- Low (0.1–3.9): limited impact or hard to reach
A free, educational vulnerability reference
CVE Almanac is a non-commercial reference for students, developers, and anyone learning how software vulnerabilities are tracked and scored. It is rebuilt daily from public data published by NIST, CISA, and FIRST.