Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

unknown — Vulnerabilities & Security Advisories 4280

Browse all 4280 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE IDTitleCVSSSeverityPublished
CVE-2026-9810 AI Chatbot & Workflow Automation by AIWU < 1.5.4 - Unauthenticated Privilege Escalation via MCP OAuth — AI Copilot--2026-07-17
CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure — Royal Addons for Elementor--2026-07-17
CVE-2026-11961 User Registration & Membership < 5.2.3 - Unauthenticated Privilege Escalation via Unbound members_data Membership ID — User Registration & Membership--2026-07-17
CVE-2026-11966 User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler — User Registration & Membership--2026-07-17
CVE-2026-11575 PhonePe Payment Solutions < 3.1.0 - Unauthenticated Payment Bypass via Forged Callback — PhonePe Payment Solutions--2026-07-17
CVE-2026-10525 NEX-Forms < 9.2.3 - Unauthenticated Stored XSS via Form Submission — NEX-Forms--2026-07-17
CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR — WPS Bookings for WooCommerce--2026-07-17
CVE-2026-12907 RTMKit Addons for Elementor < 2.0.9 - Author+ Site-Wide Theme Builder Template Creation and Activation — RTMKit--2026-07-16
CVE-2026-12978 FunnelKit < 3.15.0.6 - Reflected XSS via Divi Optin Form — FunnelKit--2026-07-16
CVE-2026-12979 FunnelKit < 3.15.0.6 - Admin+ Arbitrary File Deletion via Path Traversal in Template Importer — FunnelKit--2026-07-16
CVE-2026-12869 Header Footer Builder for Elementor < 1.2.1 - Contributor+ Stored XSS via Template Import — Header Footer Builder for Elementor--2026-07-16
CVE-2026-12525 Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator — Redux Framework--2026-07-16
CVE-2026-12906 RTMKit Addons for Elementor < 2.0.9 - Contributor+ Private Post Title Disclosure — RTMKit--2026-07-16
CVE-2026-12510 AI Engine < 3.5.5 - Subscriber+Chatbot Discussion Disclosure and Takeover via IDOR — AI Engine--2026-07-16
CVE-2026-12585 Abandoned Cart Lite for WooCommerce < 6.8.2 - Unauthenticated Account Takeover via Malleable Recovery-Link Token — Abandoned Cart Lite for WooCommerce--2026-07-16
CVE-2026-12684 Customer Reviews for WooCommerce < 5.113.0 - Unauthenticated Arbitrary Media Upload via cr_upload_media — Customer Reviews for WooCommerce--2026-07-16
CVE-2026-11866 LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF — Appointment Booking Plugin--2026-07-16
CVE-2026-11371 BetterDocs < 4.5.5 - Unauthenticated Stored XSS via AI Doc Summarizer Prompt Injection — BetterDocs--2026-07-16
CVE-2026-12492 Happy Coders OTP Login for WooCommerce < 2.8 - Unauthenticated Account Takeover via hcotp_auto_login_user — Happy Coders OTP Login for WooCommerce--2026-07-16
CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter — WP Job Portal--2026-07-16
CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter — Quotes llama--2026-07-15
CVE-2026-11579 Kali Forms < 2.4.17 - Unauthenticated Media Upload — Kali Forms — Contact Form & Drag-and-Drop Builder--2026-07-15
CVE-2026-11580 Kali Forms < 2.4.17 - Contributor+ Arbitrary Post Metadata Disclosure via IDOR — Kali Forms — Contact Form & Drag-and-Drop Builder--2026-07-15
CVE-2026-12281 Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing — Shibboleth--2026-07-15
CVE-2026-12583 Newsletters < 4.15 - Unauthenticated PHP Object Injection via Subscriber Custom Field — Newsletters--2026-07-14
CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding — WP 2FA--2026-07-14
CVE-2026-11563 Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal — Word Count and Social Shares--2026-07-14
CVE-2026-11567 SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass — SureForms--2026-07-14
CVE-2026-12511 AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal — AI Engine--2026-07-14
CVE-2025-15665 BEAF < 4.7.1 - Admin+ Stored XSS via Widget Shortcode Field — Ultimate Before After Image Slider & Gallery--2026-07-14

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.