CVEs from 2026
Total
13,611
critical
critical 1,176
high
high 4,272
medium
medium 4,145
low
low 441
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39969 | medium | 6.5 | 6.5 | 8d ago | TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub… | |||
| CVE-2026-39966 | medium | 6.5 | 6.5 | 8d ago | TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block… | |||
| CVE-2026-36227 | medium | 6.5 | 6.5 | 8d ago | Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter | |||
| CVE-2026-28444 | medium | 6.5 | 6.5 | 8d ago | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify… | |||
| CVE-2026-25680 | medium | 6.5 | 6.5 | 8d ago | Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html | |||
| CVE-2026-5755 | medium | 6.5 | 6.5 | 8d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic… | |||
| CVE-2026-5072 | medium | 6.5 | 6.5 | 9d ago | A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to se… | |||
| CVE-2026-39827 | medium | 6.5 | 6.5 | 9d ago | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.… | |||
| CVE-2026-8435 | medium | 6.5 | 6.5 | 9d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4… | |||
| CVE-2026-8140 | medium | 6.5 | 6.5 | 9d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dash… | |||
| CVE-2026-39593 | medium | 6.5 | 6.5 | 9d ago | Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10. | |||
| CVE-2026-45254 | medium | 6.5 | 6.5 | 9d ago | In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an… | |||
| CVE-2026-42396 | medium | 6.5 | 6.5 | 9d ago | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | |||
| CVE-2026-44054 | medium | 6.5 | 6.5 | 10d ago | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m… | |||
| CVE-2026-2734 | medium | 6.5 | 6.5 | 10d ago | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati… | |||
| CVE-2026-9149 | medium | 6.5 | 6.5 | 10d ago | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T… | |||
| CVE-2026-9150 | medium | 6.5 | 6.5 | 10d ago | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could … | |||
| CVE-2026-40102 | medium | 6.5 | 6.5 | 10d ago | Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali… | |||
| CVE-2026-9122 | medium | 6.5 | 6.5 | 10d ago | <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrom… | |||
| CVE-2026-20240 | medium | 6.5 | 6.5 | 10d ago | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, … | |||
| CVE-2026-20239 | medium | 6.5 | 6.5 | 10d ago | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_… | |||
| CVE-2026-20238 | medium | 6.5 | 6.5 | 10d ago | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations… | |||
| CVE-2026-44923 | medium | 6.5 | 6.5 | 10d ago | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | |||
| CVE-2026-21836 | medium | 6.5 | 6.5 | 10d ago | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to retur… | |||
| CVE-2026-27405 | medium | 6.5 | 6.5 | 10d ago | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | |||
| CVE-2026-24573 | medium | 6.5 | 6.5 | 10d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0. | |||
| CVE-2026-8685 | medium | 6.5 | 6.5 | 11d ago | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on… | |||
| CVE-2026-6072 | medium | 6.5 | 6.5 | 11d ago | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote… | |||
| CVE-2026-34233 | medium | 6.5 | 6.5 | 11d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenti… | |||
| CVE-2026-32814 | medium | 6.5 | 6.5 | 11d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … | |||
| CVE-2026-32739 | medium | 6.5 | 6.5 | 11d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… | |||
| CVE-2026-8096 | medium | 6.5 | 6.5 | 11d ago | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p… | |||
| CVE-2026-32738 | medium | 6.5 | 6.5 | 11d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… | |||
| CVE-2026-8706 | medium | 6.5 | 6.5 | 11d ago | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-… | |||
| CVE-2026-8971 | medium | 6.5 | 6.5 | 11d ago | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-8951 | medium | 6.5 | 6.5 | 11d ago | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. | |||
| CVE-2026-23557 | medium | 6.5 | 6.5 | 11d ago | Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap… | |||
| CVE-2026-37979 | medium | 6.5 | 6.5 | 11d ago | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac… | |||
| CVE-2026-45187 | medium | 6.5 | 6.5 | 11d ago | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-35086 | medium | 6.5 | 6.5 | 11d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers… | |||
| CVE-2026-31380 | medium | 6.5 | 6.5 | 11d ago | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06… | |||
| CVE-2026-31378 | medium | 6.5 | 6.5 | 11d ago | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-29220 | medium | 6.5 | 6.5 | 11d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… | |||
| CVE-2026-29207 | medium | 6.5 | 6.5 | 11d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… | |||
| CVE-2026-28733 | medium | 6.5 | 6.5 | 12d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | |||
| CVE-2026-27737 | medium | 6.5 | 6.5 | 12d ago | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio… | |||
| CVE-2026-8843 | medium | 6.5 | 6.5 | 12d ago | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… | |||
| CVE-2026-45149 | medium | 6.5 | 6.5 | 12d ago | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num… | |||
| CVE-2026-20685 | medium | 6.5 | 6.5 | 12d ago | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | |||
| CVE-2026-45582 | medium | 6.5 | 6.5 | 12d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of … | |||
| CVE-2026-6345 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som… | |||
| CVE-2026-5163 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private ch… | |||
| CVE-2026-3471 | medium | 6.5 | 6.5 | 13d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… | |||
| CVE-2026-3117 | medium | 6.5 | 6.5 | 13d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… | |||
| CVE-2026-6340 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh… | |||
| CVE-2026-2325 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cau… | |||
| CVE-2026-33637 | medium | 6.5 | 6.5 | 13d ago | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping | |||
| CVE-2026-8769 | medium | 6.5 | 6.5 | 13d ago | @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue | |||
| CVE-2026-8766 | medium | 6.5 | 6.5 | 13d ago | @kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2026-8765 | medium | 6.5 | 6.5 | 13d ago | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… | |||
| CVE-2026-8746 | medium | 6.5 | 6.5 | 13d ago | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res… | |||
| CVE-2026-8745 | medium | 6.5 | 6.5 | 13d ago | A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… | |||
| CVE-2026-8744 | medium | 6.5 | 6.5 | 13d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … | |||
| CVE-2026-8738 | medium | 6.5 | 6.5 | 14d ago | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public… | |||
| CVE-2026-8731 | medium | 6.5 | 6.5 | 14d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … | |||
| CVE-2026-8730 | medium | 6.5 | 6.5 | 14d ago | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI… | |||
| CVE-2026-8729 | medium | 6.5 | 6.5 | 14d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… | |||
| CVE-2026-8728 | medium | 6.5 | 6.5 | 14d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… | |||
| CVE-2026-46719 | medium | 6.5 | 6.5 | 14d ago | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add… | |||
| CVE-2026-8704 | medium | 6.5 | 6.5 | 15d ago | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | |||
| CVE-2026-45667 | medium | 6.5 | 6.5 | 15d ago | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) | |||
| CVE-2026-45666 | medium | 6.5 | 6.5 | 15d ago | Open WebUI has an Indirect Object Reference (IDOR) in user notes | |||
| CVE-2026-45351 | medium | 6.5 | 6.5 | 15d ago | Open WebUI Exposes System Prompt to Regular User [Non-Admin] | |||
| CVE-2026-45345 | medium | 6.5 | 6.5 | 15d ago | Open WebUI missing authorization check at the model update function - models from other users can be updated | |||
| CVE-2026-44571 | medium | 6.5 | 6.5 | 15d ago | Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission | |||
| CVE-2026-45008 | medium | 6.5 | 6.5 | 15d ago | phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit tr… | |||
| CVE-2026-44562 | medium | 6.5 | 6.5 | 15d ago | Open WebUI's Model Import Overwrites Any Model Without Ownership Check | |||
| CVE-2026-44560 | medium | 6.5 | 6.5 | 15d ago | Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search | |||
| CVE-2026-4054 | medium | 6.5 | 6.5 | 15d ago | Mattermost doesn't validate the response body of proxied images | |||
| CVE-2026-46362 | medium | 6.5 | 6.5 | 15d ago | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att… | |||
| CVE-2026-45619 | medium | 6.5 | 6.5 | 15d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … | |||
| CVE-2026-45773 | medium | 6.5 | 6.5 | 15d ago | Trubo: Login callback CSRF/session fixation | |||
| CVE-2026-8669 | medium | 6.5 | 6.5 | 15d ago | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… | |||
| CVE-2026-39053 | medium | 6.5 | 6.5 | 15d ago | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… | |||
| CVE-2026-39052 | medium | 6.5 | 6.5 | 15d ago | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… | |||
| CVE-2026-8503 | medium | 6.5 | 6.5 | 15d ago | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… | |||
| CVE-2026-4683 | medium | 6.5 | 6.5 | 16d ago | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … | |||
| CVE-2026-45339 | medium | 6.5 | 6.5 | 16d ago | Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints | |||
| CVE-2026-45306 | medium | 6.5 | 6.5 | 16d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect… | |||
| CVE-2026-8570 | medium | 6.5 | 6.5 | 16d ago | <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrom… | |||
| CVE-2026-8550 | medium | 6.5 | 6.5 | 16d ago | <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrom… | |||
| CVE-2026-26062 | medium | 6.5 | 6.5 | 16d ago | Fleet server may terminate unexpectedly when handling certain gRPC requests | |||
| CVE-2026-22706 | medium | 6.5 | 6.5 | 16d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions | |||
| CVE-2026-42572 | medium | 6.5 | 6.5 | 16d ago | Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds` | |||
| CVE-2026-41888 | medium | 6.5 | 6.5 | 16d ago | Distribution's tag deletion bypasses `storage.delete.enabled` configuration | |||
| CVE-2026-44514 | medium | 6.5 | 6.5 | 16d ago | Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users | |||
| CVE-2026-6478 | medium | 6.5 | 6.5 | 16d ago | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … | |||
| CVE-2026-6670 | medium | 6.5 | 6.5 | 17d ago | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation … | |||
| CVE-2026-6225 | medium | 6.5 | 6.5 | 17d ago | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u… | |||
| CVE-2026-5193 | medium | 6.5 | 6.5 | 17d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu… |