CVE-2026-26286 - SillyTavern is a locally installed user interface that allows users to interact with text generation

CVE-2026-26282 - NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.

CVE-2025-67305 - In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the p

CVE-2026-27013 - Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml

CVE-2026-26318 - systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are v

CVE-2026-26280 - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a

CVE-2026-26278 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi

CVE-2026-26267 - soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the

CVE-2026-26205 - opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 ha

CVE-2026-26203 - PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a crit

CVE-2026-26202 - Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an

CVE-2026-26201 - emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple sh

CVE-2026-26200 - HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` f

CVE-2026-26193 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P

CVE-2026-26192 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P

CVE-2026-26189 - Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A com

CVE-2026-26063 - CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version

CVE-2025-67304 - In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for th

CVE-2026-27475 - SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter

CVE-2026-27474 - SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete

CVE-2026-27473 - SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area.

CVE-2026-27472 - SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the privat

CVE-2026-26059 - ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible fo

CVE-2026-26057 - Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltra

CVE-2026-23621 - GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vu

CVE-2026-2817 - Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, p

CVE-2026-2409 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-2243 - A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnera

CVE-2026-26339 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execu

CVE-2026-26338 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side reque

CVE-2026-26337 - Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary fi

CVE-2026-23620 - GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnera

CVE-2026-23619 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23618 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23617 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23616 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23615 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23614 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23613 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23612 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23611 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23610 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23609 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23608 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23607 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23606 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23605 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-23604 - GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in

CVE-2026-2232 - The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-b

CVE-2026-26336 - Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories

CVE-2026-26030 - Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability i

CVE-2026-26016 - Wings is the server control plane for Pterodactyl, a free, open-source game server management panel.

CVE-2026-25998 - strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing cred

CVE-2026-24834 - Kata Containers is an open source project focusing on a standard implementation of lightweight Virtu

CVE-2026-1581 - The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' para

CVE-2025-69725 - An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote atta

CVE-2025-69674 - Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an at

CVE-2026-2274 - A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23

CVE-2026-26345 - SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area trig

CVE-2026-26223 - SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. T

CVE-2026-25940 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and me

CVE-2026-25766 - Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` u

CVE-2026-25739 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste

CVE-2026-25738 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste

CVE-2025-71250 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71249 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71248 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71247 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71246 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71245 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71244 - SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An at

CVE-2025-71243 - The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a cri

CVE-2025-71242 - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. Th

CVE-2025-71241 - SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The con

CVE-2025-71240 - SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The appl

CVE-2026-25755 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of t

CVE-2026-25535 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argumen

CVE-2026-25527 - changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2

CVE-2025-55853 - SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF convert

CVE-2026-2744 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2019-25430 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut

CVE-2019-25429 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25428 - Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the o

CVE-2019-25427 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25426 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25425 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25424 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25423 - Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /

CVE-2019-25422 - Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inj

CVE-2019-25421 - Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attacke

CVE-2019-25420 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25419 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attacker

CVE-2019-25418 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25417 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25416 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25415 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25414 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut

CVE-2019-25413 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut

CVE-2019-25412 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25411 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25410 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25409 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25408 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25407 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25406 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attac

CVE-2019-25405 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attacker

CVE-2019-25404 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenti

CVE-2019-25403 - Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenti

CVE-2019-25402 - Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unaut

CVE-2025-9953 - Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Trai

CVE-2025-8350 - Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove

CVE-2025-9062 - Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering

CVE-2025-15563 - Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific

CVE-2025-15562 - The server API endpoint /report/internet/urls reflects received data into the HTML response without

CVE-2025-15561 - An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges

CVE-2025-15560 - An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime serve

CVE-2025-15559 - An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft

CVE-2026-2718 - The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via G

CVE-2026-2716 - The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-22268 - Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignm

CVE-2026-22267 - Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignm

CVE-2026-22266 - Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of So

CVE-2026-1461 - The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in a

CVE-2026-1219 - The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulner

CVE-2025-13590 - A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled l

CVE-2025-12107 - Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin pr

CVE-2026-2736 - Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute

CVE-2026-2735 - Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not pr

CVE-2026-27094 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27092 - Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrec

CVE-2026-27090 - Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows C

CVE-2026-27074 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27069 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27066 - Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-

CVE-2026-27059 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27058 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27057 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27056 - Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorre

CVE-2026-27055 - Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exp

CVE-2026-27052 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27050 - Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site R

CVE-2026-27042 - Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Inc

CVE-2026-26362 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A

CVE-2026-26361 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26359 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26358 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A lo

CVE-2026-25473 - Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configure

CVE-2026-25472 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25463 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25459 - Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configure

CVE-2026-25453 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25451 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25441 - Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting I

CVE-2026-25432 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25428 - Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Req

CVE-2026-25423 - Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lit

CVE-2026-25422 - Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows

CVE-2026-25420 - Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allow

CVE-2026-25419 - Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Explo

CVE-2026-25418 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25416 - Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addo

CVE-2026-25415 - Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Inco

CVE-2026-25412 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-25411 - Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manage

CVE-2026-25410 - Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Con

CVE-2026-25409 - Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows E

CVE-2026-25408 - Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exp

CVE-2026-25407 - Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly C

CVE-2026-25404 - Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting In

CVE-2026-25402 - Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI As

CVE-2026-25399 - Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows E

CVE-2026-25395 - Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Inc

CVE-2026-25394 - Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Inc

CVE-2026-25393 - Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorre

CVE-2026-25392 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs &#8211

CVE-2026-25391 - Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Inco

CVE-2026-25389 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagaus

CVE-2026-25388 - Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorre

CVE-2026-25387 - Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization all

CVE-2026-25386 - Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrect

CVE-2026-25385 - Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Se

CVE-2026-25384 - Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Expl

CVE-2026-25378 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25375 - Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-gri

CVE-2026-25374 - Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incor

CVE-2026-25372 - Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly

CVE-2026-25370 - Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploit

CVE-2026-25368 - Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allo

CVE-2026-25367 - Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrec

CVE-2026-25364 - Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices

CVE-2026-25363 - Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectl

CVE-2026-25362 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25348 - Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting I

CVE-2026-25343 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25338 - Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS

CVE-2026-25337 - Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Re

CVE-2026-25336 - Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Co

CVE-2026-25335 - Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking se

CVE-2026-25333 - Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrect

CVE-2026-25332 - Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigati

CVE-2026-25331 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25330 - Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows

CVE-2026-25329 - Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next a

CVE-2026-25326 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25325 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp r

CVE-2026-25324 - Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Surve

CVE-2026-25323 - Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access

CVE-2026-25322 - Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary a

CVE-2026-25321 - Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incor

CVE-2026-25320 - Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-f

CVE-2026-25319 - Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-libr

CVE-2026-25318 - Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce

CVE-2026-25316 - Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Objec

CVE-2026-25315 - Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows E

CVE-2026-25314 - Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows

CVE-2026-25313 - Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incor

CVE-2026-25311 - Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Explo

CVE-2026-25310 - Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server S

CVE-2026-25308 - Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploit

CVE-2026-25307 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25305 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25008 - Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninj

CVE-2026-25006 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8them

CVE-2026-25005 - Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmed

CVE-2026-25004 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25003 - Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiti

CVE-2026-25000 - Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting I

CVE-2026-24999 - Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Inco

CVE-2026-24392 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24375 - Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-

CVE-2026-23805 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-23804 - Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews a

CVE-2026-23803 - Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto

CVE-2026-23549 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows O

CVE-2026-23548 - Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting

CVE-2026-23547 - Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-com

CVE-2026-23545 - Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows E

CVE-2026-23544 - Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.

CVE-2026-23543 - Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-f

CVE-2026-23542 - Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allow

CVE-2026-23541 - Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality

CVE-2026-22422 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeve

CVE-2026-22333 - Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerc

CVE-2026-22269 - Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of So

CVE-2025-41023 - An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allo

CVE-2025-40697 - Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows

CVE-2026-2733 - A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to

CVE-2026-2711 - A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element

CVE-2026-2731 - Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.