Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

60 New today

64,239 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

255

Jun 8

658

Jun 9

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

Jun 21

Critical

High

Medium

Low

Latest

CVE CVSS 6.4

Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label_CVE-2026-1856

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

CVE-2026-1856 creavi Creavi Appointment Booking Calendar

Jun 19, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-12644	CVE-2026-12644_CVE-2026-12644 Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype me...	n/a	ts-deepmerge	Jun 19, 2026	CVE
MEDIUM 4.4	CVE-2026-12430	Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter_CVE-2026-12430 The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2....	creativethemeshq	Blocksy Companion	Jun 19, 2026	CVE
MEDIUM 6.4	CVE-2026-12157	BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute_CVE-2026-12157 The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...	wpdevteam	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-11989	Bit integrations <= 2.8.7 - Unauthenticated Server-Side Request Forgery via Form Field Upload Mapping_CVE-2026-11989 The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Reque...	bitpressadmin	Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation	Jun 19, 2026	CVE
MEDIUM 5.9	CVE-2026-11752	CVE-2026-11752_CVE-2026-11752 A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-pla...	LY Corporation	Armeria 1.38.0	Jun 19, 2026	CVE
MEDIUM 5.1	CVE-2026-10720	MicroCeph path traversal issue in the remote-import API_CVE-2026-10720 Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trus...	Canonical	Microceph 19.2.1+snap74c0060321	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-10034	WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)_CVE-2026-10034 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to t...	legalweb	WP DSGVO Tools (GDPR)	Jun 19, 2026	CVE
HIGH 8.6	CVE-2025-7737	DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform_CVE-2025-7737 DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E...	Hitachi	Hitachi Virtual Storage Platform E990, E1090, E1090H	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-6798	2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter_CVE-2026-6798 The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1...	2download	2Download Connector for 2DL Hosted Checkout	Jun 19, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label_CVE-2026-1856

Recent Advisories

CVE-2026-12644_CVE-2026-12644

Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored Cross-Site Scripting via 'product_description' Parameter_CVE-2026-12430

BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute_CVE-2026-12157

Bit integrations <= 2.8.7 - Unauthenticated Server-Side Request Forgery via Form Field Upload Mapping_CVE-2026-11989

CVE-2026-11752_CVE-2026-11752

MicroCeph path traversal issue in the remote-import API_CVE-2026-10720

WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)_CVE-2026-10034

DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform_CVE-2025-7737

2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter_CVE-2026-6798

Protect Your Attack Surface with RedGem

Security Intelligence
Feed