CVE-2025-50648 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validati

CVE-2025-50647 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of

CVE-2025-50646 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input valida

CVE-2025-50645 - A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflo

CVE-2025-50644 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of us

CVE-2025-30650 - A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networ

CVE-2026-33756 - Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Sal

CVE-2026-33466 - Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitra

CVE-2026-33459 - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Al

CVE-2026-33458 - Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An

CVE-2026-32591 - A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administr

CVE-2026-32590 - A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p

CVE-2026-32589 - A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push a

CVE-2025-52222 - D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200

CVE-2025-52221 - Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the func

CVE-2025-45059 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the t

CVE-2025-45058 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the j

CVE-2025-45057 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the i

CVE-2026-4837 - An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou

CVE-2026-4498 - Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can le

CVE-2026-33461 - Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (

CVE-2026-33460 - Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privi

CVE-2026-31017 - A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNe

CVE-2026-30080 - OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configurati

CVE-2026-30075 - OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport

CVE-2026-2377 - A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature i

CVE-2025-57175 - Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root passwor

CVE-2025-14243 - A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, rem

CVE-2023-46945 - QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

CVE-2026-33753 - rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161.

CVE-2026-33229 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2026-31040 - A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-s

CVE-2026-39865 - Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and pri

CVE-2026-39410 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39409 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39408 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39407 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-39406 - @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling

CVE-2026-39394 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39393 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39392 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39391 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39390 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-39389 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-5795 - In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two Th

CVE-2026-35023 - Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulner

CVE-2026-31411 - In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unva

CVE-2026-2509 - The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2025-58713 - A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images

CVE-2025-57854 - A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. T

CVE-2025-57853 - A container privilege escalation flaw was found in certain Web Terminal images. This issue stems fro

CVE-2025-57851 - A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images

CVE-2025-57847 - A container privilege escalation flaw was found in certain Ansible Automation Platform images. This

CVE-2025-14816 - Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 ver

CVE-2025-14815 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 1

CVE-2026-5600 - A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a sp

CVE-2026-5302 - CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers

CVE-2026-5301 - Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers t

CVE-2026-5300 - Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attacke

CVE-2026-4402 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-28261 - Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0

CVE-2026-27102 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, con

CVE-2026-24511 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, con

CVE-2026-5208 - Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to

CVE-2026-3396 - WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'po

CVE-2026-3243 - The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to in

CVE-2026-2481 - The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable t

CVE-2026-28264 - Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assign

CVE-2026-1865 - The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, Us

CVE-2026-1673 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for

CVE-2026-1672 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for

CVE-2026-4303 - The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Sit

CVE-2026-4300 - The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading

CVE-2026-4073 - The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' short

CVE-2026-4025 - The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'a

CVE-2026-39716 - Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Conf

CVE-2026-39715 - Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-l

CVE-2026-39714 - Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrect

CVE-2026-39713 - Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize

CVE-2026-39712 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDi

CVE-2026-39711 - Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions r

CVE-2026-39710 - Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions a

CVE-2026-39709 - Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-

CVE-2026-39708 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39707 - Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contac

CVE-2026-39706 - Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incor

CVE-2026-39705 - Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync all

CVE-2026-39704 - Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing –

CVE-2026-39703 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39702 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39701 - Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configu

CVE-2026-39700 - Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured

CVE-2026-39699 - Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-li

CVE-2026-39698 - Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-a

CVE-2026-39697 - Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-n

CVE-2026-39696 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39695 - Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Reque

CVE-2026-39694 - Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appoint

CVE-2026-39693 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39692 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39691 - Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto

CVE-2026-39690 - Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows E

CVE-2026-39689 - Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploitin

CVE-2026-39688 - Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exp

CVE-2026-39687 - Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-dat

CVE-2026-39686 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersk

CVE-2026-39685 - Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Inco

CVE-2026-39684 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39683 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39682 - Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploi

CVE-2026-39681 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39680 - Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculat

CVE-2026-39679 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39678 - Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Expl

CVE-2026-39677 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39676 - Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting

CVE-2026-39675 - Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiti

CVE-2026-39674 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39673 - Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorre

CVE-2026-39672 - Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discoun

CVE-2026-39671 - Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-co

CVE-2026-39670 - Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview a

CVE-2026-39669 - Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Con

CVE-2026-39668 - Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woo

CVE-2026-39667 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39666 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39665 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39664 - Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly C

CVE-2026-39663 - Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allo

CVE-2026-39662 - Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product

CVE-2026-39660 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39659 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39658 - Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-fi

CVE-2026-39657 - Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploitin

CVE-2026-39656 - Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploit

CVE-2026-39654 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39653 - Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-confere

CVE-2026-39652 - Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploitin

CVE-2026-39651 - Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting I

CVE-2026-39650 - Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allo

CVE-2026-39649 - Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrect

CVE-2026-39648 - Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly

CVE-2026-39647 - Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podca

CVE-2026-39646 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39645 - Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce globa

CVE-2026-39644 - Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploitin

CVE-2026-39643 - Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntp

CVE-2026-39641 - Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site

CVE-2026-39640 - Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Cod

CVE-2026-39639 - Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allow

CVE-2026-39638 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39637 - Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured A

CVE-2026-39636 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39635 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cr

CVE-2026-39634 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows

CVE-2026-39633 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows

CVE-2026-39632 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site

CVE-2026-39631 - Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiti

CVE-2026-39630 - Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Se

CVE-2026-39629 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39628 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39627 - Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Ac

CVE-2026-39626 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39625 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39624 - Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Conf

CVE-2026-39623 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39622 - Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting In

CVE-2026-39621 - Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a

CVE-2026-39620 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Up

CVE-2026-39619 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a

CVE-2026-39618 - Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Requ

CVE-2026-39617 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cros

CVE-2026-39616 - Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments down

CVE-2026-39615 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39614 - Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exp

CVE-2026-39613 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39612 - Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Co

CVE-2026-39611 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39610 - Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorr

CVE-2026-39609 - Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrect

CVE-2026-39608 - Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exp

CVE-2026-39607 - Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly

CVE-2026-39606 - Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectl

CVE-2026-39605 - Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiti

CVE-2026-39604 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39603 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography all

CVE-2026-39602 - Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting In

CVE-2026-39592 - Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows

CVE-2026-39588 - Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-an

CVE-2026-39586 - Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer

CVE-2026-39585 - Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured A

CVE-2026-39575 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39572 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeop

CVE-2026-39571 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic

CVE-2026-39570 - Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting Li

CVE-2026-39569 - Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allo

CVE-2026-39566 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designin

CVE-2026-39565 - Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploit

CVE-2026-39564 - Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo

CVE-2026-39563 - Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Inc

CVE-2026-39562 - Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices

CVE-2026-39561 - Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Co

CVE-2026-39544 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39543 - Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Config

CVE-2026-39542 - Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommer

CVE-2026-39541 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39538 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39536 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill

CVE-2026-39535 - Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api

CVE-2026-39528 - Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting

CVE-2026-39526 - Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows

CVE-2026-39521 - Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allow

CVE-2026-39520 - Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured

CVE-2026-39517 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39516 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH

CVE-2026-39510 - Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final

CVE-2026-39509 - Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C

CVE-2026-39508 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39506 - Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting In

CVE-2026-39505 - Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod

CVE-2026-39504 - Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Inc

CVE-2026-39501 - Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploitin

CVE-2026-39500 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39497 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39496 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39495 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39488 - Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Conf

CVE-2026-39487 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39486 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39485 - Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploi

CVE-2026-39484 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hi

CVE-2026-39483 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39482 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39479 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39477 - Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorr

CVE-2026-39476 - Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting

CVE-2026-39475 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39473 - Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History sim

CVE-2026-39469 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softacul

CVE-2026-39466 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39464 - Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction &

CVE-2026-33088 - Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an a

CVE-2026-25776 - Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an a

CVE-2026-1396 - The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-4655 - The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-4654 - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Inse

CVE-2026-4483 - An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utili

CVE-2026-4330 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat

CVE-2026-5508 - The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wow

CVE-2026-5506 - The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` s