| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-68421 | Hardcoded credentials in Comarch ERP Optima | Comarch | ERP Optima | - | - | 2026-05-14 10:35:05 | Deep Dive |
| CVE-2026-8468 | Unbounded buffer accumulation in multipart header parsing causes denial of service in plug | elixir-plug | plug | - | - | 2026-05-14 10:29:51 | Deep Dive |
| CVE-2026-8295 | Integer overflow in simdjson | simdjson | simdjson | Medium | - | 2026-05-14 10:27:42 | Deep Dive |
| CVE-2026-2347 | IDOR in Akıllı Ticaret's E-Commerce Pack | Akilli Commerce Software Technologies Ltd. Co. | E-Commerce Website | Critical | 9.8 | 2026-05-14 09:25:31 | Deep Dive |
| CVE-2025-11024 | SQLi in Akıllı Ticaret's E-Commerce Pack | Akilli Commerce Software Technologies Ltd. Co. | E-Commerce Website | Critical | 9.8 | 2026-05-14 09:21:13 | Deep Dive |
| CVE-2026-6504 | Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-05-14 08:24:28 | Deep Dive |
| CVE-2026-6512 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters | Infused Addons | InfusedWoo Pro | Critical | 9.1 | 2026-05-14 08:24:28 | Deep Dive |
| CVE-2026-6145 | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6206 | MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter | websoudan | MW WP Form | Medium | 5.3 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6174 | CC Child Pages <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'more' Parameter | caterhamcomputing | CC Child Pages | Medium | 6.4 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6514 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter | Infused Addons | InfusedWoo Pro | High | 7.5 | 2026-05-14 08:24:26 | Deep Dive |
| CVE-2026-6252 | Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute | mr2p | Meta Field Block – Display custom fields in the Block Editor without coding | Medium | 6.4 | 2026-05-14 06:44:14 | Deep Dive |
| CVE-2026-6670 | Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters | erolsk8 | Media Sync | Medium | 6.5 | 2026-05-14 06:44:14 | Deep Dive |
| CVE-2026-3718 | ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting via 'MWP-Key-Name' Header | managewp | ManageWP Worker | High | 7.2 | 2026-05-14 06:44:13 | Deep Dive |
| CVE-2026-3694 | Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode | boldthemes | Bold Page Builder | Medium | 6.4 | 2026-05-14 06:44:13 | Deep Dive |
| CVE-2026-5365 | LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-05-14 06:44:12 | Deep Dive |
| CVE-2026-5395 | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 8.2 | 2026-05-14 06:44:12 | Deep Dive |
| CVE-2026-6506 | InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update | Infused Addons | InfusedWoo Pro | High | 8.8 | 2026-05-14 06:44:11 | Deep Dive |
| CVE-2026-6225 | Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.5 | 2026-05-14 06:44:11 | Deep Dive |
| CVE-2026-6510 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe' | Infused Addons | InfusedWoo Pro | Critical | 9.8 | 2026-05-14 06:44:10 | Deep Dive |