CVEs from 2026
- Total 13,909
- critical 1,208
- high 4,525
- medium 4,356
- low 481
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35074 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35073 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35072 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-32176 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32167 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-0390 | medium | 6.7 | 6.7 | 2mo ago | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-4105 | medium | 6.7 | 6.7 | 3mo ago | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop… | |||
| CVE-2026-21422 | medium | 6.7 | 6.7 | 3mo ago | Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentiall… | |||
| CVE-2026-22341 | medium | 6.7 | 6.7 | 3mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse. This issue affects Booked: from n/a through <= 3.0.0. | |||
| CVE-2026-48919 | medium | 6.6 | 6.6 | 6d ago | Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48918 | medium | 6.6 | 6.6 | 6d ago | Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | |||
| CVE-2026-48917 | medium | 6.6 | 6.6 | 6d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48916 | medium | 6.6 | 6.6 | 6d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | |||
| CVE-2026-27768 | medium | 6.6 | 6.6 | 8d ago | SQL Injection affecting the Access Manager role. | |||
| CVE-2026-6366 | medium | 6.6 | 6.6 | 13d ago | Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … | |||
| CVE-2026-34216 | medium | 6.6 | 6.6 | 13d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied requ… | |||
| CVE-2026-20905 | medium | 6.6 | 6.6 | 20d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an… | |||
| CVE-2026-20782 | medium | 6.6 | 6.6 | 20d ago | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenti… | |||
| CVE-2026-20717 | medium | 6.6 | 6.6 | 20d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-35255 | medium | 6.6 | 6.6 | 27d ago | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability… | |||
| CVE-2026-42510 | medium | 6.6 | 6.6 | 1mo ago | OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere | |||
| CVE-2026-35365 | medium | 6.6 | 6.6 | 1mo ago | The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands t… | |||
| CVE-2026-4114 | medium | 6.6 | 6.6 | 2mo ago | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | |||
| CVE-2026-3401 | medium | 6.6 | 6.6 | 3mo ago | A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of th… | |||
| CVE-2026-24753 | medium | 6.5 | 6.5 | 4h ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou… | |||
| CVE-2026-0080 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0052 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0051 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional e… | |||
| CVE-2026-0044 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional ex… | |||
| CVE-2026-0041 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges … | |||
| CVE-2026-0040 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0039 | medium | 6.5 | 6.5 | 5h ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execut… | |||
| CVE-2026-45282 | medium | 6.5 | 6.5 | 8h ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of… | |||
| CVE-2026-45275 | medium | 6.5 | 6.5 | 8h ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to f… | |||
| CVE-2026-23638 | medium | 6.5 | 6.5 | 8h ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper w… | |||
| CVE-2026-45267 | medium | 6.5 | 6.5 | 10h ago | Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been p… | |||
| CVE-2026-42679 | medium | 6.5 | 6.5 | 10h ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n… | |||
| CVE-2026-42676 | medium | 6.5 | 6.5 | 10h ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4. | |||
| CVE-2026-42671 | medium | 6.5 | 6.5 | 10h ago | Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157. | |||
| CVE-2026-10272 | medium | 6.5 | 6.5 | 10h ago | A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such man… | |||
| CVE-2026-42360 | medium | 6.5 | 6.5 | 18h ago | A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be by… | |||
| CVE-2026-42358 | medium | 6.5 | 6.5 | 18h ago | A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON valu… | |||
| CVE-2026-45192 | medium | 6.5 | 6.5 | 19h ago | A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect… | |||
| CVE-2026-48208 | medium | 6.5 | 6.5 | 23h ago | An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to… | |||
| CVE-2026-10190 | medium | 6.5 | 6.5 | 1d ago | A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the arg… | |||
| CVE-2026-49386 | medium | 6.5 | 6.5 | 3d ago | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas | |||
| CVE-2026-49385 | medium | 6.5 | 6.5 | 3d ago | In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts | |||
| CVE-2026-49379 | medium | 6.5 | 6.5 | 3d ago | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names | |||
| CVE-2026-49376 | medium | 6.5 | 6.5 | 3d ago | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | |||
| CVE-2026-47745 | medium | 6.5 | 6.5 | 3d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete… | |||
| CVE-2026-47742 | medium | 6.5 | 6.5 | 3d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() met… | |||
| CVE-2026-39229 | medium | 6.5 | 6.5 | 3d ago | Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective comp… | |||
| CVE-2026-35673 | medium | 6.5 | 6.5 | 3d ago | OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can byp… | |||
| CVE-2026-9493 | medium | 6.5 | 6.5 | 4d ago | Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query fun… | |||
| CVE-2026-9996 | medium | 6.5 | 6.5 | 4d ago | Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi… | |||
| CVE-2026-9981 | medium | 6.5 | 6.5 | 4d ago | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom… | |||
| CVE-2026-9953 | medium | 6.5 | 6.5 | 4d ago | Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-9917 | medium | 6.5 | 6.5 | 4d ago | Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chro… | |||
| CVE-2026-9912 | medium | 6.5 | 6.5 | 4d ago | Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML pa… | |||
| CVE-2026-9908 | medium | 6.5 | 6.5 | 4d ago | Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-9882 | medium | 6.5 | 6.5 | 4d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10018 | medium | 6.5 | 6.5 | 4d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… | |||
| CVE-2026-10008 | medium | 6.5 | 6.5 | 4d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi… | |||
| CVE-2026-10004 | medium | 6.5 | 6.5 | 4d ago | Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-33464 | medium | 6.5 | 6.5 | 4d ago | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially … | |||
| CVE-2026-49094 | medium | 6.5 | 6.5 | 4d ago | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containin… | |||
| CVE-2026-49095 | medium | 6.5 | 6.5 | 4d ago | Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent po… | |||
| CVE-2026-42399 | medium | 6.5 | 6.5 | 4d ago | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentiall… | |||
| CVE-2026-42400 | medium | 6.5 | 6.5 | 4d ago | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload… | |||
| CVE-2026-47673 | medium | 6.5 | 6.5 | 4d ago | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses the Bearer sc… | |||
| CVE-2026-41141 | medium | 6.5 | 6.5 | 4d ago | EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning e… | |||
| CVE-2026-7048 | medium | 6.5 | 6.5 | 5d ago | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.… | |||
| CVE-2026-3173 | medium | 6.5 | 6.5 | 5d ago | The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary … | |||
| CVE-2026-9796 | medium | 6.5 | 6.5 | 5d ago | A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This… | |||
| CVE-2026-9792 | medium | 6.5 | 6.5 | 5d ago | A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-… | |||
| CVE-2026-5737 | medium | 6.5 | 6.5 | 5d ago | The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/searc… | |||
| CVE-2026-47273 | medium | 6.5 | 6.5 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and dev… | |||
| CVE-2026-1402 | medium | 6.5 | 6.5 | 5d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen… | |||
| CVE-2026-45081 | medium | 6.5 | 6.5 | 5d ago | Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This… | |||
| CVE-2026-48147 | medium | 6.5 | 6.5 | 5d ago | Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanc… | |||
| CVE-2026-45719 | medium | 6.5 | 6.5 | 5d ago | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API | |||
| CVE-2026-44317 | medium | 6.5 | 6.5 | 5d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose as… | |||
| CVE-2026-44324 | medium | 6.5 | 6.5 | 5d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han… | |||
| CVE-2026-44353 | medium | 6.5 | 6.5 | 6d ago | Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an… | |||
| CVE-2026-49044 | medium | 6.5 | 6.5 | 6d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Ad… | |||
| CVE-2026-47118 | medium | 6.5 | 6.5 | 6d ago | Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, whi… | |||
| CVE-2026-9035 | medium | 6.5 | 6.5 | 6d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |||
| CVE-2026-8405 | medium | 6.5 | 6.5 | 6d ago | IBM Guardium Data Protection 12.2.1 and 12.2.2's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. | |||
| CVE-2026-6936 | medium | 6.5 | 6.5 | 6d ago | IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th… | |||
| CVE-2026-3676 | medium | 6.5 | 6.5 | 6d ago | IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of se… | |||
| CVE-2026-2340 | medium | 6.5 | 6.5 | 6d ago | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to i… | |||
| CVE-2026-42751 | medium | 6.5 | 6.5 | 6d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS. This issue affects Booking Manager: f… | |||
| CVE-2026-42750 | medium | 6.5 | 6.5 | 6d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS. This issue affects WPComplete: from n/a through <… | |||
| CVE-2026-42744 | medium | 6.5 | 6.5 | 6d ago | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields. This issue affects Ads by WPQuads: from n/a … | |||
| CVE-2026-42732 | medium | 6.5 | 6.5 | 6d ago | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation. This issue affects Ads by WPQuads: from n/a thr… | |||
| CVE-2026-42725 | medium | 6.5 | 6.5 | 6d ago | Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Contr… | |||
| CVE-2026-42726 | medium | 6.5 | 6.5 | 6d ago | Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects … | |||
| CVE-2026-48968 | medium | 6.5 | 6.5 | 6d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.… | |||
| CVE-2026-48877 | medium | 6.5 | 6.5 | 6d ago | Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0. | |||
| CVE-2026-40849 | medium | 6.5 | 6.5 | 6d ago | A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. … |