CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-24821 - Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnera
CVE-2026-24820 - Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnera
CVE-2026-24819 - Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/
CVE-2026-24818 - Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability
CVE-2026-24817 - Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability
CVE-2026-24816 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/sr
CVE-2026-24815 - Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in
CVE-2026-24814 - Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This
CVE-2026-24813 - NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules
CVE-2026-24812 - Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with pr
CVE-2026-24811 - Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with pr
CVE-2026-24810 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (s
CVE-2026-24809 - An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework ve
CVE-2026-24808 - Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability i
CVE-2026-24807 - Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-
CVE-2026-24806 - Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plu
CVE-2026-24805 - NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modul
CVE-2026-24804 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/l
CVE-2026-24803 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/l
CVE-2026-24802 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/m
CVE-2026-24801 - Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/
CVE-2026-24800 - Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerab
CVE-2026-24799 - Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerab
CVE-2026-24798 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEnter
CVE-2026-24797 - Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo module
CVE-2026-24796 - Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/Regula
CVE-2026-24795 - Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/Regul
CVE-2026-24794 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPo
CVE-2026-24793 - Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerab
CVE-2026-24344 - Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause
CVE-2026-21721 - The dashboard permissions API does not verify the target dashboard scope and only checks the dashboa
CVE-2026-21720 - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the re
CVE-2026-1465 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Co
CVE-2026-1464 - Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apac
CVE-2025-14971 - The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modifica
CVE-2026-21408 - beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which ma
CVE-2026-1361 - ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2026-24686 - go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses th
CVE-2026-24490 - MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-sit
CVE-2026-24489 - Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerabilit
CVE-2026-24486 - Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Travers
CVE-2026-24480 - QGIS is a free, open source, cross platform geographical information system (GIS) The repository con
CVE-2026-24479 - HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. P
CVE-2026-23683 - SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks fo
CVE-2026-24478 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-24477 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-1449 - A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is t
CVE-2026-1448 - A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the f
CVE-2026-24476 - Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which s
CVE-2026-24470 - Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when r
CVE-2026-24408 - sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version
CVE-2026-24400 - AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in
CVE-2026-24123 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2025-30248 - DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allow
CVE-2026-24131 - pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bi
CVE-2026-24056 - pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `gi
CVE-2026-24003 - EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible
CVE-2026-23890 - pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin li
CVE-2026-23889 - pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarbal
CVE-2026-23888 - pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary
CVE-2026-22709 - vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.the
CVE-2026-22696 - dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vu
CVE-2026-1445 - A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c
CVE-2026-1444 - A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf82
CVE-2025-59473 - SQL Injection vulnerability in the Structure for Admin authenticated user
CVE-2025-59472 - A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled
CVE-2025-59471 - A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatter
CVE-2026-23864 - Multiple denial of service vulnerabilities exist in React Server Components, affecting the following
CVE-2026-1443 - A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown
CVE-2026-1190 - A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client
CVE-2026-0810 - A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings c
CVE-2025-9820 - A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that
CVE-2025-9615 - A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belon
CVE-2025-9522 - Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enablin
CVE-2025-9521 - Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid s
CVE-2025-9520 - An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permiss
CVE-2025-14969 - A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operati
CVE-2025-14525 - A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, ca
CVE-2025-14459 - A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to
CVE-2025-11687 - A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the c
CVE-2025-11065 - A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using map
CVE-2025-70368 - Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Upd
CVE-2025-14756 - Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v
CVE-2026-24440 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwor
CVE-2026-24439 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X
CVE-2026-24437 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive admin
CVE-2026-24436 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate l
CVE-2026-24435 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure
CVE-2026-24433 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cros
CVE-2026-24432 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site reque
CVE-2026-24431 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user a
CVE-2026-24430 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive ac
CVE-2026-24429 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefine
CVE-2026-24428 - Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorizat
CVE-2026-21509 - Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attac
CVE-2026-1446 - There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pr
CVE-2026-1224 - Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
CVE-2026-0925 - Tanium addressed an improper input validation vulnerability in Discover.
CVE-2025-71178 - Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulne
CVE-2025-57785 - A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allo
CVE-2025-57784 - Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver versi
CVE-2025-57783 - Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver vers
CVE-2020-36960 - Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject m
CVE-2020-36959 - IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to p
CVE-2020-36958 - Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows servic
CVE-2020-36957 - PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service
CVE-2020-36956 - Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows
CVE-2020-36955 - Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability th
CVE-2020-36954 - Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the B
CVE-2020-36953 - MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that
CVE-2025-70982 - Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-
CVE-2025-67274 - An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive inform
CVE-2025-50537 - Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular referenc
CVE-2020-36952 - IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to
CVE-2026-1284 - An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawin
CVE-2026-1283 - A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS e
CVE-2016-15057 - ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Comm
CVE-2026-24656 - Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket
CVE-2025-59109 - The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. T
CVE-2025-59108 - By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested ve
CVE-2025-59107 - Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers
CVE-2025-59106 - The binary serving the web server and executing basically all actions launched from the Web UI is ru
CVE-2025-59105 - With physical access to the device and enough time an attacker can desolder the flash memory, modify
CVE-2025-59104 - With physical access to the device and enough time an attacker is able to solder test leads to the d
CVE-2025-59103 - The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in
CVE-2025-59102 - The web server of the Access Manager offers a functionality to download a backup of the local databa
CVE-2025-59101 - Instead of typical session tokens or cookies, it is verified on a per-request basis if the originati
CVE-2025-59100 - The web interface offers a functionality to export the internal SQLite database. After executing the
CVE-2025-59099 - The Access Manager is using the open source web server CompactWebServer written in C#. This web serv
CVE-2025-59098 - The Access Manager is offering a trace functionality to debug errors and issues with the device. The
CVE-2025-59097 - The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The c
CVE-2025-59096 - The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300
CVE-2025-59095 - The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One
CVE-2025-59094 - A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System manageme
CVE-2025-59093 - Exos 9300 instances are using a randomly generated database password to connect to the configured MS
CVE-2025-59092 - An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePh
CVE-2025-59091 - Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 d
CVE-2025-59090 - On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authent
CVE-2025-41083 - Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Al
CVE-2025-41082 - Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by incons
CVE-2025-27821 - Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Ha
CVE-2026-1429 - Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerabil
CVE-2026-1428 - Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allow
CVE-2026-1427 - Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allow
CVE-2026-1425 - A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the fu
CVE-2026-1424 - A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the co
CVE-2026-1423 - A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issu
CVE-2026-1422 - A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerabi
CVE-2025-14973 - The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter
CVE-2025-14316 - The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a paramete
CVE-2026-1421 - A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknow
CVE-2026-1420 - A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /gofor
CVE-2026-1419 - A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the fil
CVE-2026-1418 - A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_im
CVE-2026-1417 - A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom
CVE-2026-1416 - A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the funct
CVE-2026-1415 - A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_
CVE-2026-1414 - A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to
CVE-2026-1413 - A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.
CVE-2026-1412 - A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to
CVE-2026-1411 - A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknow
CVE-2026-1410 - A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown fun
CVE-2026-1409 - A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue a
CVE-2026-1408 - A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affec
CVE-2026-1407 - A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unk
CVE-2026-23013 - In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq
CVE-2026-23012 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_cont
CVE-2026-23011 - In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header
CVE-2026-23010 - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in ine
CVE-2026-23009 - In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereferen
CVE-2026-23008 - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on
CVE-2026-23007 - In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of a
CVE-2026-23006 - In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null p
CVE-2026-23005 - In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in
CVE-2026-23004 - In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_
CVE-2026-23003 - In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_p
CVE-2026-23002 - In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read(
CVE-2026-23001 - In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in ma
CVE-2026-23000 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile
CVE-2026-22999 - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free
CVE-2026-22998 - In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dere
CVE-2026-22997 - In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_r
CVE-2026-22996 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_pr
CVE-2025-71163 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device lea
CVE-2025-71162 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-
CVE-2020-36937 - Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows ser
CVE-2020-36936 - Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service
CVE-2020-36935 - KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuratio
CVE-2020-36934 - Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetw
CVE-2020-36933 - HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service confi
CVE-2020-36932 - SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the a
CVE-2020-36931 - Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inje
CVE-2026-1406 - A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Aff
CVE-2025-6461 - The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information
CVE-2026-0593 - The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modifica
CVE-2026-0862 - The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Script
CVE-2026-0911 - The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to
CVE-2025-13920 - The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver
CVE-2026-1302 - The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin
CVE-2026-1300 - The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple
CVE-2026-1266 - The Postalicious plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting
CVE-2026-1208 - The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery
CVE-2026-1191 - The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin
CVE-2026-1189 - The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
CVE-2026-1127 - The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via
CVE-2026-1098 - The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' s
CVE-2026-0800 - The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is v
CVE-2026-0687 - The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due
CVE-2026-0633 - The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress i
CVE-2025-15516 - The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data
CVE-2025-14907 - The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
CVE-2025-14630 - The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u
CVE-2025-13205 - The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any co
CVE-2025-13194 - The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any co
CVE-2025-13139 - The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Re
CVE-2026-1257 - The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all vers
CVE-2026-1103 - The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing aut
CVE-2026-1099 - The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-1097 - The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to
CVE-2026-1095 - The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx
CVE-2026-1088 - The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio
CVE-2026-1084 - The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-1081 - The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
CVE-2026-1076 - The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1075 - The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t
CVE-2026-1070 - The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio
CVE-2026-0807 - The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions
CVE-2026-0806 - The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in a
CVE-2025-14985 - The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha_bl
CVE-2025-14941 - The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Sc
CVE-2025-14906 - The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
CVE-2025-14903 - The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver
CVE-2025-14843 - The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Or
CVE-2025-14797 - The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wi
CVE-2025-14629 - The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due
CVE-2025-14609 - The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to
CVE-2025-13676 - The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in a
CVE-2025-13374 - The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file
CVE-2025-12836 - The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-24649 - Rejected reason: Not used
CVE-2026-24648 - Rejected reason: Not used
CVE-2026-24647 - Rejected reason: Not used
CVE-2026-24646 - Rejected reason: Not used
CVE-2026-24645 - Rejected reason: Not used
CVE-2026-24644 - Rejected reason: Not used
CVE-2026-24643 - Rejected reason: Not used
CVE-2026-24642 - Rejected reason: Not used
CVE-2026-24469 - C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Ve
CVE-2026-24422 - phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API en
CVE-2026-24420 - phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated use