CVE Prioritization
Triage CVEs by EPSS, CISA KEV, PoC availability, attack complexity, and in-feed incidents.
Total CVEs: 50
Critical: 4
KEV / Exploited: 0
PoC Exists: 0
Zero Day: 0
Patch Available: 0
| CVE ID | Published | Severity | EPSS Score | Complexity | Status | PoC | Patch | Due Date | Feed Hits | Description | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middl | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzin | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multip | Details |
| | 22 May 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in al | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to | Details |
| | 22 May 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includ | Details |
| | 22 May 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including | Details |
| | 22 May 2026 | MEDIUM 5.4 | 0.0% | LOW | — | — | — | — | 0 | A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain bac | Details |
| | 22 May 2026 | MEDIUM 5.4 | 0.0% | HIGH | — | — | — | — | 0 | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin f | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Informat | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potenti | Details |
| | 22 May 2026 | MEDIUM 6.4 | 0.0% | LOW | — | — | — | — | 0 | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up | Details |
| | 22 May 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation | Details |
| | 22 May 2026 | MEDIUM 6.4 | 0.0% | LOW | — | — | — | — | 0 | The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` short | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability c | Details |
| | 22 May 2026 | MEDIUM 6.1 | 0.0% | LOW | — | — | — | — | 0 | The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' param | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl | Details |
| | 22 May 2026 | MEDIUM 5.7 | 0.0% | LOW | — | — | — | — | 0 | There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control m | Details |
| | 22 May 2026 | MEDIUM 6.1 | 0.0% | LOW | — | — | — | — | 0 | The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in al | Details |
| | 22 May 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing ca | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel p | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website wi | Details |
| | 22 May 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafte | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of cal | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be c | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr | Details |
| | 22 May 2026 | — | 0.0% | — | — | — | — | — | 0 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution an | Details |
| | 22 May 2026 | HIGH 7.7 | 0.0% | LOW | — | — | — | — | 0 | A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un | Details |
| | 22 May 2026 | CRITICAL 10 | 0.0% | LOW | — | — | — | — | 1 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS | Details |
| | 22 May 2026 | CRITICAL 10 | 0.0% | LOW | — | — | — | — | 1 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to a | Details |
| | 22 May 2026 | CRITICAL 10 | 0.0% | LOW | — | — | — | — | 1 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de | Details |
| | 22 May 2026 | CRITICAL 9.1 | 0.0% | LOW | — | — | — | — | 0 | A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerabilit | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file appr | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file resc | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file resc | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file remo | Details |
| | 21 May 2026 | — | 0.0% | — | — | — | — | — | 0 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addF | Details |