CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-69240 - Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled d
CVE-2025-69239 - Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. I
CVE-2025-69238 - Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft
CVE-2025-69237 - Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functiona
CVE-2025-69236 - Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functional
CVE-2025-54920 - This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version
CVE-2025-52648 - HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of imag
CVE-2025-52638 - HCL AION is affected by a vulnerability where generated containers may execute binaries with root-le
CVE-2025-52637 - HCL AION is affected by a vulnerability where certain offering configurations may permit execution o
CVE-2025-52458 - in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-inst
CVE-2025-41432 - in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-inst
CVE-2025-26474 - in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. Th
CVE-2025-25277 - in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-inst
CVE-2025-15587 - Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged us
CVE-2025-15554 - Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with
CVE-2025-15553 - Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with a
CVE-2025-15552 - Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with ac
CVE-2025-15540 - "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality t
CVE-2025-15060 - claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vuln
CVE-2025-14287 - A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in th
CVE-2025-13460 - IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an obse
CVE-2025-13459 - IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service du
CVE-2025-13212 - IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of servic
CVE-2025-12736 - in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak thro
CVE-2025-11500 - Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authent
CVE-2025-10685 - Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and s
CVE-2025-10461 - Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH s
CVE-2017-20224 - Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability th
CVE-2017-20223 - Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object refere
CVE-2017-20222 - Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot
CVE-2017-20221 - Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerabilit
CVE-2017-20220 - Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that
CVE-2017-20219 - Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability
CVE-2017-20218 - Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows lo
CVE-2017-20217 - Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enfo
CVE-2016-20036 - Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the
CVE-2016-20035 - Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attacke
CVE-2016-20034 - Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated
CVE-2016-20033 - Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authent
CVE-2016-20032 - ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allo
CVE-2016-20031 - ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that al
CVE-2016-20030 - ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attac
CVE-2016-20029 - ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to ac
CVE-2016-20028 - ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers t
CVE-2016-20027 - ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow
CVE-2016-20026 - ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that all
CVE-2016-20025 - ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows a
CVE-2016-20024 - ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileg
CVE-2015-20121 - Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthentic
CVE-2015-20120 - Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilit
CVE-2015-20119 - Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that all
CVE-2015-20118 - Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the l
CVE-2015-20117 - Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allo
CVE-2015-20116 - Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attacke
CVE-2015-20115 - Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers t
CVE-2015-20114 - Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows att
CVE-2015-20113 - Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site
CVE-2013-20006 - Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative
CVE-2013-20005 - Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perfor
CVE-2026-4111 - A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specificall
CVE-2026-4105 - A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulner
CVE-2026-4092 - Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code e
CVE-2026-4063 - The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data mo
CVE-2026-3999 - A broken access control may allow an authenticated user to perform a horizontal privilege escalatio
CVE-2026-3986 - The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-3910 - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
CVE-2026-3909 - Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
CVE-2026-3891 - The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing
CVE-2026-3873 - Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly
CVE-2026-3045 - The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable t
CVE-2026-32746 - telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Ch
CVE-2026-32745 - In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute f
CVE-2026-32612 - Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in
CVE-2026-32598 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password
CVE-2026-32597 - PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the cri
CVE-2026-32543 - Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons
CVE-2026-32487 - Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Expl
CVE-2026-32486 - Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploitin
CVE-2026-32462 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32461 - Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl all
CVE-2026-32460 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32459 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32458 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32457 - Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for W
CVE-2026-32456 - Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor a
CVE-2026-32455 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32454 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32453 - Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrec
CVE-2026-32452 - Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting I
CVE-2026-32451 - Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting I
CVE-2026-32450 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32449 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32448 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32447 - Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiti
CVE-2026-32446 - Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Explo
CVE-2026-32445 - Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiti
CVE-2026-32443 - Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce wo
CVE-2026-32442 - Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Ac
CVE-2026-32440 - Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Confi
CVE-2026-32439 - Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectl
CVE-2026-32438 - Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Explo
CVE-2026-32437 - Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrec
CVE-2026-32436 - Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Inco
CVE-2026-32435 - Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectl
CVE-2026-32434 - Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly
CVE-2026-32433 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32432 - Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-f
CVE-2026-32431 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32430 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32429 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32428 - Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Expl
CVE-2026-32427 - Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploitin
CVE-2026-32426 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32425 - Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-p
CVE-2026-32424 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32423 - Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancement
CVE-2026-32422 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32421 - Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Inc
CVE-2026-32420 - Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Sit
CVE-2026-32419 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32418 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32417 - Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Confi
CVE-2026-32416 - Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly
CVE-2026-32415 - Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal
CVE-2026-32414 - Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels
CVE-2026-32413 - Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Ex
CVE-2026-32412 - Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and Wo
CVE-2026-32411 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32410 - Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currenc
CVE-2026-32409 - Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator form
CVE-2026-32408 - Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Config
CVE-2026-32407 - Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlis
CVE-2026-32406 - Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bund
CVE-2026-32405 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos W
CVE-2026-32404 - Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Explo
CVE-2026-32403 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32402 - Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Inco
CVE-2026-32401 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32400 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32399 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32398 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab
CVE-2026-32397 - Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorre
CVE-2026-32396 - Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Confi
CVE-2026-32395 - Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-
CVE-2026-32394 - Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enh
CVE-2026-32393 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32392 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32391 - Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Co
CVE-2026-32390 - Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Co
CVE-2026-32388 - Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured A
CVE-2026-32387 - Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Expl
CVE-2026-32386 - Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectl
CVE-2026-32385 - Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-
CVE-2026-32384 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32383 - Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configure
CVE-2026-32382 - Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting
CVE-2026-32381 - Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting
CVE-2026-32380 - Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Con
CVE-2026-32379 - Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incor
CVE-2026-32378 - Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiti
CVE-2026-32377 - Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Inc
CVE-2026-32376 - Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configure
CVE-2026-32375 - Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Inc
CVE-2026-32374 - Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrect
CVE-2026-32373 - Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Ex
CVE-2026-32372 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTh
CVE-2026-32371 - Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorre
CVE-2026-32370 - Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly
CVE-2026-32369 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32368 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32367 - Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Di
CVE-2026-32366 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32365 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32364 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-32363 - Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting
CVE-2026-32362 - Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic a
CVE-2026-32361 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32360 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32359 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32358 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-32357 - Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-c
CVE-2026-32356 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32355 - Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Inj
CVE-2026-32354 - Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eve
CVE-2026-32353 - Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows
CVE-2026-32352 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32351 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-32350 - Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting I
CVE-2026-32349 - Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer al
CVE-2026-32348 - Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrect
CVE-2026-32347 - Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Expl
CVE-2026-32346 - Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incor
CVE-2026-32345 - Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiti
CVE-2026-32344 - Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Re
CVE-2026-32343 - Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-co
CVE-2026-32342 - Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site R
CVE-2026-32341 - Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly
CVE-2026-32340 - Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiti
CVE-2026-32339 - Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting I
CVE-2026-32338 - Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page
CVE-2026-32337 - Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergart
CVE-2026-32336 - Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incor
CVE-2026-32335 - Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Inc
CVE-2026-32334 - Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Con
CVE-2026-32332 - Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Con
CVE-2026-32331 - Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly
CVE-2026-32330 - Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows
CVE-2026-32329 - Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows
CVE-2026-32328 - Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Re
CVE-2026-32322 - soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scala
CVE-2026-32320 - Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processi
CVE-2026-32319 - Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processi
CVE-2026-32308 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown
CVE-2026-32306 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry
CVE-2026-32304 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior
CVE-2026-32302 - OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections co
CVE-2026-32301 - Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vuln
CVE-2026-31949 - LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS)
CVE-2026-31944 - LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Conte
CVE-2026-31922 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-31919 - Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanc
CVE-2026-31918 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-31917 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-31916 - Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allow
CVE-2026-31915 - Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Con
CVE-2026-31899 - CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has expo
CVE-2026-31897 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of
CVE-2026-31886 - Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request f
CVE-2026-31885 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of
CVE-2026-31884 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero i
CVE-2026-31883 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow
CVE-2026-31882 - Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configure
CVE-2026-31864 - JumpServer is an open source bastion host and an operation and maintenance security audit system. a
CVE-2026-31814 - Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to befo
CVE-2026-31806 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_b
CVE-2026-31798 - JumpServer is an open source bastion host and an operation and maintenance security audit system. Pr
CVE-2026-30961 - Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior
CVE-2026-30955 - Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior
CVE-2026-30943 - Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior
CVE-2026-30915 - SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain
CVE-2026-30914 - SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a
CVE-2026-30853 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-2890 - The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all version
CVE-2026-2888 - The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-cont
CVE-2026-2879 - The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions
CVE-2026-2859 - Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, an
CVE-2026-2673 - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange g
CVE-2026-2257 - The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions
CVE-2026-29776 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow
CVE-2026-29775 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap