NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-11252 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Wi... | 2026-02-27 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2026-2831 | The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insu... | 2026-02-27 | 4.9 | NETWORK | MEDIUM | NVD |
| CVE-2026-24352 | PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This ... | 2026-02-27 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2026-24351 | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into w... | 2026-02-27 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-24350 | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payloa... | 2026-02-27 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2025-11251 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Comme... | 2026-02-27 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2026-1434 | Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript... | 2026-02-27 | 6.1 | NETWORK | MEDIUM | NVD |
| CVE-2026-21660 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD versi... | 2026-02-27 | 6.9 | LOCAL | MEDIUM | NVD |
| CVE-2026-21659 | Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Qu... | 2026-02-27 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2026-1305 | The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a ... | 2026-02-27 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-14142 | The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode ... | 2026-02-27 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2024-10938 | The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of ce... | 2026-02-27 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-2383 | The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4... | 2026-02-27 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-2362 | The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "L... | 2026-02-27 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-2252 | An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malici... | 2026-02-27 | 7.5 | NETWORK | HIGH | NVD |