CVE-2026-26362 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A

CVE-2026-26361 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26359 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vu

CVE-2026-26358 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A lo

CVE-2026-25473 - Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configure

CVE-2026-25472 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25463 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25459 - Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configure

CVE-2026-25453 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25451 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25441 - Missing Authorization vulnerability in varunvairavanlc LeadConnector leadconnector allows Exploiting

CVE-2026-25432 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25428 - Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Req

CVE-2026-25423 - Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lit

CVE-2026-25422 - Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows

CVE-2026-25420 - Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allow

CVE-2026-25419 - Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Explo

CVE-2026-25418 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25416 - Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addo

CVE-2026-25415 - Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Inco

CVE-2026-25412 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-25411 - Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manage

CVE-2026-25410 - Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Con

CVE-2026-25409 - Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows E

CVE-2026-25408 - Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exp

CVE-2026-25407 - Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly C

CVE-2026-25404 - Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting In

CVE-2026-25402 - Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI As

CVE-2026-25399 - Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows E

CVE-2026-25395 - Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Inc

CVE-2026-25394 - Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Inc

CVE-2026-25393 - Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorre

CVE-2026-25392 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quic

CVE-2026-25391 - Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Inco

CVE-2026-25389 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagaus

CVE-2026-25388 - Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorre

CVE-2026-25387 - Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization all

CVE-2026-25386 - Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrect

CVE-2026-25385 - Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Se

CVE-2026-25384 - Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Expl

CVE-2026-25378 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25375 - Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-gri

CVE-2026-25374 - Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incor

CVE-2026-25372 - Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly

CVE-2026-25370 - Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploit

CVE-2026-25368 - Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allo

CVE-2026-25367 - Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrec

CVE-2026-25364 - Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices

CVE-2026-25363 - Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectl

CVE-2026-25362 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25348 - Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting I

CVE-2026-25343 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25338 - Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS

CVE-2026-25337 - Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Re

CVE-2026-25336 - Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Co

CVE-2026-25335 - Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking se

CVE-2026-25333 - Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrect

CVE-2026-25332 - Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigati

CVE-2026-25331 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25330 - Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows

CVE-2026-25329 - Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next a

CVE-2026-25326 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25325 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp r

CVE-2026-25324 - Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Surve

CVE-2026-25323 - Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access

CVE-2026-25322 - Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary a

CVE-2026-25321 - Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incor

CVE-2026-25320 - Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-f

CVE-2026-25319 - Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-libr

CVE-2026-25318 - Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce

CVE-2026-25316 - Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Objec

CVE-2026-25315 - Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows E

CVE-2026-25314 - Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows

CVE-2026-25313 - Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incor

CVE-2026-25311 - Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Explo

CVE-2026-25310 - Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server S

CVE-2026-25308 - Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploit

CVE-2026-25307 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25305 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25008 - Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninj

CVE-2026-25006 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8them

CVE-2026-25005 - Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmed

CVE-2026-25004 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25003 - Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiti

CVE-2026-25000 - Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting I

CVE-2026-24999 - Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Inco

CVE-2026-24392 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24375 - Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-

CVE-2026-23805 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-23804 - Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews a

CVE-2026-23803 - Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto

CVE-2026-23549 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows O

CVE-2026-23548 - Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting

CVE-2026-23547 - Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-com

CVE-2026-23545 - Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows E

CVE-2026-23544 - Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.

CVE-2026-23543 - Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-f

CVE-2026-23542 - Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allow

CVE-2026-23541 - Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality

CVE-2026-22422 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeve

CVE-2026-22333 - Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerc

CVE-2026-22269 - Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of So

CVE-2025-41023 - An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allo

CVE-2025-40697 - Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows

CVE-2026-2733 - A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to

CVE-2026-2711 - A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element

CVE-2026-2731 - Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.

CVE-2026-2709 - A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file s

CVE-2026-2706 - A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown

CVE-2026-2705 - A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom:

CVE-2026-2704 - A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the fu

CVE-2026-2703 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::de

CVE-2026-2702 - A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown

CVE-2026-2693 - A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unk

CVE-2026-2692 - A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the

CVE-2026-2691 - A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue i

CVE-2026-2690 - A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is

CVE-2026-2689 - A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown fun

CVE-2026-2681 - A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, sp

CVE-2026-2504 - The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2026-2502 - The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in vers

CVE-2026-2284 - The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization

CVE-2026-2282 - The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i

CVE-2026-25474 - OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSe

CVE-2026-25242 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated fil

CVE-2026-25232 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control byp

CVE-2026-25229 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access contr

CVE-2026-25120 - Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API

CVE-2026-24764 - OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions

CVE-2026-1994 - The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all

CVE-2026-1646 - The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the T

CVE-2026-1455 - The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Si

CVE-2026-1405 - The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t

CVE-2026-1373 - The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aut

CVE-2026-1055 - The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in a

CVE-2026-1047 - The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1044 - The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi

CVE-2026-1043 - The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2026-0974 - The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for Word

CVE-2026-0926 - The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up t

CVE-2026-0912 - The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can l

CVE-2026-0722 - The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions

CVE-2026-0561 - The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'me

CVE-2026-0556 - The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2026-0549 - The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'group

CVE-2025-4960 - The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a

CVE-2025-4521 - The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable

CVE-2025-15586 - OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a typ

CVE-2025-15041 - The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized

CVE-2025-14983 - The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scri

CVE-2025-14864 - The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Informatio

CVE-2025-14851 - The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `

CVE-2025-14452 - The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the

CVE-2025-14445 - The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-14427 - The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPres

CVE-2025-14357 - The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data du

CVE-2025-14342 - The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2025-14294 - The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2025-14270 - The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up

CVE-2025-14167 - The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2025-14076 - The iXML – Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site S

CVE-2025-13930 - The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to

CVE-2025-13864 - The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearin

CVE-2025-13851 - The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege es

CVE-2025-13842 - The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-control

CVE-2025-13738 - The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-13732 - The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access

CVE-2025-13617 - The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2025-13612 - The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2025-13603 - The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all v

CVE-2025-13587 - The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authe

CVE-2025-13563 - The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,

CVE-2025-13438 - The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Re

CVE-2025-13413 - The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in

CVE-2025-13113 - The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Expos

CVE-2025-13091 - The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing

CVE-2025-13079 - The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress

CVE-2025-13048 - The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2025-12975 - The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized a

CVE-2025-12884 - The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass i

CVE-2025-12882 - The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to,

CVE-2025-12845 - The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPre

CVE-2025-12821 - The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6

CVE-2025-12707 - The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' para

CVE-2025-12500 - The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to

CVE-2025-12451 - The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file

CVE-2025-12448 - The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to

CVE-2025-12375 - The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request F

CVE-2025-12172 - The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery i

CVE-2025-12117 - The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in al

CVE-2025-12116 - The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all

CVE-2025-12081 - The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2025-12027 - The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification o

CVE-2025-11754 - The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a m

CVE-2025-11725 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due

CVE-2025-11706 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the

CVE-2026-2686 - A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the fun

CVE-2026-2684 - A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(6253

CVE-2026-25926 - Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426

CVE-2026-24126 - Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not valida

CVE-2025-15585 - Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in th

CVE-2026-2683 - A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The aff

CVE-2026-2682 - A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(6253

CVE-2026-2676 - A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. A

CVE-2026-26281 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-26270 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25596 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25595 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25594 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25548 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-24745 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2025-15581 - Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTT

CVE-2025-12812 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc.

CVE-2025-12811 - Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Clo

CVE-2026-2672 - A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532

CVE-2026-2670 - A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown functio

CVE-2026-2669 - A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to

CVE-2026-2650 - Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to

CVE-2026-2649 - Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potenti

CVE-2026-2648 - Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to

CVE-2026-27182 - Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated at

CVE-2026-27181 - MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through

CVE-2026-27180 - MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through

CVE-2026-27179 - MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the

CVE-2026-27178 - MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability thr

CVE-2026-27177 - MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via

CVE-2026-27176 - MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability

CVE-2026-27175 - MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/i

CVE-2026-27174 - MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin pan

CVE-2026-24744 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-24743 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2019-25401 - Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulner

CVE-2019-25400 - IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the

CVE-2019-25399 - IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the ext

CVE-2019-25398 - IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.c

CVE-2019-25397 - IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the

CVE-2019-25396 - IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlr

CVE-2019-25365 - ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that a

CVE-2019-25364 - MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remot

CVE-2019-25363 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows atta

CVE-2019-25362 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows atta

CVE-2019-25361 - Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that a

CVE-2019-25360 - Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration

CVE-2019-25359 - SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inj

CVE-2019-25358 - FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash t

CVE-2019-25357 - Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation m

CVE-2019-25356 - Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vul

CVE-2019-25355 - gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to acce

CVE-2019-25354 - iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the a