| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42727 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability | RealMag777 | Active Products Tables for WooCommerce | Critical | 9.3 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42726 | WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability | Strategy11 Team | AWP Classifieds | Medium | 6.5 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42735 | WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability | Iqonic Design | KiviCare | High | 8.2 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42725 | WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability | WP Wham | Checkout Files Upload for WooCommerce | Medium | 6.5 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42732 | WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability | Ads by WPQuads | Ads by WPQuads | Medium | 6.5 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42734 | WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability | Dylan Kuhn | Geo Mashup | High | 7.1 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42733 | WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | RealMag777 | WPCS | High | 7.1 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42728 | WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability | HT Plugins | HT Contact Form 7 | High | 7.1 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42729 | WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | Property Hive | PropertyHive | High | 7.1 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42736 | WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability | wordplus | BP Better Messages | High | 7.5 | 2026-05-27 09:49:04 | Deep Dive |
| CVE-2026-42731 | WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability | miniOrange | miniorange otp verification | Critical | 9.8 | 2026-05-27 09:49:03 | Deep Dive |
| CVE-2026-3349 | MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter | minhnhut | MinhNhut Link Gateway | Medium | 6.1 | 2026-05-27 09:27:32 | Deep Dive |
| CVE-2026-2288 | myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter | silvercover | myLinksDump | Medium | 4.8 | 2026-05-27 09:27:32 | Deep Dive |
| CVE-2026-3348 | MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings | minhnhut | MinhNhut Link Gateway | Medium | 4.4 | 2026-05-27 09:27:31 | Deep Dive |
| CVE-2026-2280 | rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings | larsdrasmussen | rexCrawler | Medium | 4.8 | 2026-05-27 09:27:31 | Deep Dive |
| CVE-2025-0898 | Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVG | WPXpro | Xpro Elementor Addons - Pro | Medium | 6.5 | 2026-05-27 09:27:30 | Deep Dive |
| CVE-2026-45846 | bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() | Linux | Linux | - | - | 2026-05-27 09:24:52 | Deep Dive |
| CVE-2026-45845 | net/sched: taprio: fix NULL pointer dereference in class dump | Linux | Linux | - | - | 2026-05-27 09:24:48 | Deep Dive |
| CVE-2026-45844 | netfilter: arp_tables: fix IEEE1394 ARP payload parsing | Linux | Linux | 中危 | - | 2026-05-27 09:24:47 | Deep Dive |
| CVE-2026-45843 | slip: bound decode() reads against the compressed packet length | Linux | Linux | High | 8.2 | 2026-05-27 09:24:46 | Deep Dive |