CVEs from 2026
Total
13,532
critical
critical 1,163
high
high 4,144
medium
medium 4,137
low
low 440
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 411
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4958 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the com… | |||
| CVE-2026-33693 | medium | 6.5 | 6.5 | 2mo ago | Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() | |||
| CVE-2026-4825 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of… | |||
| CVE-2026-32541 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premm… | |||
| CVE-2026-32535 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS … | |||
| CVE-2026-32533 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: f… | |||
| CVE-2026-32527 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control … | |||
| CVE-2026-32514 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= … | |||
| CVE-2026-32483 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Emai… | |||
| CVE-2026-27046 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through… | |||
| CVE-2026-25469 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Via… | |||
| CVE-2026-25465 | medium | 6.5 | 6.5 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affe… | |||
| CVE-2026-25455 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… | |||
| CVE-2026-25454 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1. | |||
| CVE-2026-25430 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Se… | |||
| CVE-2026-25390 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n… | |||
| CVE-2026-25365 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a t… | |||
| CVE-2026-25339 | medium | 6.5 | 6.5 | 2mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms:… | |||
| CVE-2026-25327 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |||
| CVE-2026-25034 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: fr… | |||
| CVE-2026-24987 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a thr… | |||
| CVE-2026-24376 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from … | |||
| CVE-2026-23972 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi… | |||
| CVE-2026-3119 | medium | 6.5 | 6.5 | 2mo ago | Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction sig… | |||
| CVE-2026-28863 | medium | 6.5 | 6.5 | 2mo ago | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | |||
| CVE-2026-20657 | medium | 6.5 | 6.5 | 2mo ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta… | |||
| CVE-2026-33658 | medium | 6.5 | 6.5 | 2mo ago | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests | |||
| CVE-2026-4778 | medium | 6.5 | 6.5 | 2mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. T… | |||
| CVE-2026-4777 | medium | 6.5 | 6.5 | 2mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulat… | |||
| CVE-2026-4749 | medium | 6.5 | 6.5 | 2mo ago | NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0. | |||
| CVE-2026-31849 | medium | 6.5 | 6.5 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a … | |||
| CVE-2026-31846 | medium | 6.5 | 6.5 | 2mo ago | Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device informa… | |||
| CVE-2026-4572 | medium | 6.5 | 6.5 | 2mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request … | |||
| CVE-2026-4571 | medium | 6.5 | 6.5 | 2mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP P… | |||
| CVE-2026-4569 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manip… | |||
| CVE-2026-4568 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulati… | |||
| CVE-2026-32896 | medium | 6.5 | 6.5 | 2mo ago | OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) | |||
| CVE-2026-32663 | medium | 6.5 | 6.5 | 2mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-27649 | medium | 6.5 | 6.5 | 2mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-32941 | medium | 6.5 | 6.5 | 2mo ago | Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver | |||
| CVE-2026-32889 | medium | 6.5 | 6.5 | 2mo ago | Denial of service via non-terminating SYLT frame parsing loop in tinytag | |||
| CVE-2026-32022 | medium | 6.5 | 6.5 | 2mo ago | OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass) | |||
| CVE-2026-4426 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exte… | |||
| CVE-2026-27397 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-0708 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can… | |||
| CVE-2026-28522 | medium | 6.5 | 6.5 | 2mo ago | arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP p… | |||
| CVE-2026-32451 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a th… | |||
| CVE-2026-32398 | medium | 6.5 | 6.5 | 3mo ago | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This… | |||
| CVE-2026-2673 | medium | 6.5 | 6.5 | 3mo ago | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.… | |||
| CVE-2026-32237 | medium | 6.5 | 6.5 | 3mo ago | @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint | |||
| CVE-2026-21670 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |||
| CVE-2026-21668 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | |||
| CVE-2026-3954 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the ar… | |||
| CVE-2026-1471 | medium | 6.5 | 6.5 | 3mo ago | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after resta… | |||
| CVE-2026-30973 | medium | 6.5 | 6.5 | 3mo ago | @appium/support has a Zip Slip arbitrary file write in its ZIP extraction | |||
| CVE-2026-3816 | medium | 6.5 | 6.5 | 3mo ago | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderPa… | |||
| CVE-2026-3695 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traver… | |||
| CVE-2026-29781 | medium | 6.5 | 6.5 | 3mo ago | Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver | |||
| CVE-2026-29771 | medium | 6.5 | 6.5 | 3mo ago | Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint in github.com/gravitl/netmaker | |||
| CVE-2026-22723 | medium | 6.5 | 6.5 | 3mo ago | Cloudfoundry UAA has logic error in the token revocation endpoint implementation | |||
| CVE-2026-27362 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP … | |||
| CVE-2026-23799 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5. | |||
| CVE-2026-22459 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a… | |||
| CVE-2026-20064 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) co… | |||
| CVE-2026-20023 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjace… | |||
| CVE-2026-20022 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpe… | |||
| CVE-2026-3408 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads t… | |||
| CVE-2026-3269 | medium | 6.5 | 6.5 | 3mo ago | PSI Probe: Broken access control can lead to DoS | |||
| CVE-2026-3118 | medium | 6.5 | 6.5 | 3mo ago | A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user … | |||
| CVE-2026-2984 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID lea… | |||
| CVE-2026-2976 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the componen… | |||
| CVE-2026-2945 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl… | |||
| CVE-2026-2898 | medium | 6.5 | 6.5 | 3mo ago | funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function | |||
| CVE-2026-2850 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\s… | |||
| CVE-2026-22350 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Le… | |||
| CVE-2026-2693 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executi… | |||
| CVE-2026-2692 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the a… | |||
| CVE-2026-2669 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component Us… | |||
| CVE-2026-25729 | medium | 6.5 | 6.5 | 4mo ago | DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated use… | |||
| CVE-2026-2009 | medium | 6.5 | 6.5 | 4mo ago | A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead … | |||
| CVE-2026-24988 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.… | |||
| CVE-2026-24601 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writ… | |||
| CVE-2026-24600 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a… | |||
| CVE-2026-24591 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.Th… | |||
| CVE-2026-24576 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0. | |||
| CVE-2026-24558 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/… | |||
| CVE-2026-24555 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget… | |||
| CVE-2026-24550 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.19. | |||
| CVE-2026-24526 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options … | |||
| CVE-2026-24379 | medium | 6.5 | 6.5 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP… | |||
| CVE-2026-24361 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affect… | |||
| CVE-2026-24355 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue a… | |||
| CVE-2026-22349 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/… | |||
| CVE-2026-1142 | medium | 6.5 | 6.5 | 4mo ago | A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be init… | |||
| CVE-2026-0571 | medium | 6.5 | 6.5 | 5mo ago | A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java… | |||
| CVE-2026-9557 | medium | 6.4 | 6.4 | 9h ago | A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests f… | |||
| CVE-2026-9243 | medium | 6.4 | 6.4 | 12h ago | The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of the Carousel Anything widget in versions up to, and including… | |||
| CVE-2026-9714 | medium | 6.4 | 6.4 | 13h ago | The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [showmodule] shortcode in versions up to, and including, 1.2 This is due to i… | |||
| CVE-2026-6275 | medium | 6.4 | 6.4 | 13h ago | The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on… | |||
| CVE-2026-44462 | medium | 6.4 | 6.4 | 1d ago | Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste… |