Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

244 New today
65,333 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
46
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 5.3

Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdb_ajax_delete_user() function in versions up to, and including, 1.0.0. The handler is registered against both `wp_ajax_cf7...

CVE-2026-12094 iamranit Advanced Contact Form 7 – Compact DB
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-11997

Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or ...

seo_tools Bulk SEO Image CVE
MEDIUM 6.4 CVE-2026-11370

WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...

joomunited WP Meta SEO CVE
MEDIUM 4.3 CVE-2026-10552

Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...

jotis Blue Captcha CVE
HIGH 7.2 CVE-2026-10092

Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092

The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...

nicashmu Cincopa video and media plug-in CVE
HIGH 7.2 CVE-2026-10091

Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up ...

cgarvey Email JavaScript Cloak CVE
HIGH 8.8 CVE-2026-7761

Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2...

ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin CVE
HIGH 7.6 CVE-2026-56052

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability_CVE-2026-56052

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows ...

FunnelKit Funnel Builder by FunnelKit n/a CVE
HIGH 8.8 5CCE7939-1019-

Exploit for CVE-2026-8461_5CCE7939-1019-5F8F-A1B9-EA7B129C8C99

CVE-2026-8461 "PixelSmash" — FFmpeg MagicYUV Heap OOB Write PoC !WARNING This repository contains a working exploit PoC for a heap corruption vulne...

N/A N/A GITHUBEXPLOIT
HIGH 8.6 THN:881DB7D7759...

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root_THN:881DB7D77599D527FA15CA26FD8CBC33

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivauBSNOsDqBHvUFSnF1NdlWJ8BAt2JVgIo_ZUQhBkVppSz0PvkEmrc9RP1hMf2-oFFRgr5PNm7pxLmPngAJ...

N/A N/A THN