CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-13504 - A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability af
CVE-2026-13503 - A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function ge
CVE-2026-13502 - A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.read
CVE-2026-13501 - A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerabil
CVE-2026-13500 - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the
CVE-2026-13499 - A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts a
CVE-2026-13498 - A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unk
CVE-2026-13497 - A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element
CVE-2026-13496 - A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an
CVE-2026-13495 - A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknow
CVE-2026-13493 - A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown proce
CVE-2026-13491 - A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the functio
CVE-2026-13490 - A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects t
CVE-2026-13489 - A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the functi
CVE-2026-13488 - A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. A
CVE-2026-13487 - A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is
CVE-2026-13486 - A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This i
CVE-2026-13485 - A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an u
CVE-2026-13484 - A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacte
CVE-2026-13483 - A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_cr
CVE-2026-13482 - A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function usernam
CVE-2026-10646 - Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a po
CVE-2026-10644 - The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH S
CVE-2026-10593 - The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE
CVE-2026-58058 - Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_ge
CVE-2026-58057 - Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a cas
CVE-2026-58056 - RustDesk gates incoming control messages on per-capability flags rather than on the session's author
CVE-2026-58055 - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Cont
CVE-2026-58054 - MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when cre
CVE-2026-58053 - Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options
CVE-2026-58052 - 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5
CVE-2026-58051 - libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new e
CVE-2026-58050 - libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsyste
CVE-2026-58049 - FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at t
CVE-2026-10643 - Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()
CVE-2026-49416 - The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large valu
CVE-2026-49414 - The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code
CVE-2026-49417 - Second, the audio buffer backing a mapping could be freed when the device was closed even though the
CVE-2026-49412 - The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter l
CVE-2026-45259 - sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, bu
CVE-2026-45258 - dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset an
CVE-2026-56414 - A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticate
CVE-2026-55975 - A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanit
CVE-2026-33560 - The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are expos
CVE-2026-31928 - The DMP-5000 devices are shipped with a default administrative web account with weak authentication
CVE-2026-28701 - Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated rem
CVE-2026-53577 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previ
CVE-2026-53576 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authe
CVE-2026-50767 - A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Libra
CVE-2026-50766 - A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Manag
CVE-2026-50765 - Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha
CVE-2026-49984 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local
CVE-2026-49869 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, Authentic
CVE-2026-45807 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several K
CVE-2026-38571 - Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory r
CVE-2026-36908 - A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-system
CVE-2026-36907 - A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8
CVE-2026-36478 - An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of se
CVE-2026-54353 - Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation p
CVE-2026-54352 - Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packag
CVE-2026-54351 - Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budib
CVE-2026-52885 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the
CVE-2026-52884 - Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT
CVE-2026-50136 - Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an una
CVE-2026-50132 - Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token
CVE-2026-48800 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text con
CVE-2026-48778 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="comma
CVE-2026-48770 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the sam
CVE-2026-46710 - Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a
CVE-2026-46604 - The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2026-39031 - Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key ar
CVE-2026-38641 - An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Deni
CVE-2026-38639 - An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to
CVE-2026-55838 - RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-t
CVE-2026-55189 - RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9,
CVE-2026-55188 - RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9,
CVE-2026-52785 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52784 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52782 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52781 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the H
CVE-2026-52780 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache
CVE-2026-52779 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cro
CVE-2026-49355 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/mee
CVE-2026-47193 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the j
CVE-2026-46386 - OpenProject is open-source, web-based project management software. Prior to , the official openproje
CVE-2026-44736 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/
CVE-2026-44735 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the G
CVE-2026-44734 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Mis
CVE-2026-44733 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Busin
CVE-2026-44732 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenP
CVE-2026-44731 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the w
CVE-2026-44696 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's ri
CVE-2026-32833 - Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerabili
CVE-2026-29509 - Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patool
CVE-2026-54753 - Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0
CVE-2026-48090 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u
CVE-2026-47220 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u
CVE-2026-47205 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 u
CVE-2026-13372 - Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote
CVE-2026-56876 - extract-zip does not validate symlink targets when extracting zip archives. When processing a malici
CVE-2026-55448 - mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise
CVE-2026-55441 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feat
CVE-2026-54557 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP bac
CVE-2026-54341 - Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a craf
CVE-2026-48743 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-48706 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-48497 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-48044 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 u
CVE-2026-48042 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-47778 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-47692 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-47221 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 u
CVE-2026-47207 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-47206 - Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragon
CVE-2026-47204 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 u
CVE-2026-33646 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .
CVE-2026-57518 - Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users wit
CVE-2026-57231 - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image tha
CVE-2026-56823 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-56663 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-55686 - Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious c
CVE-2026-55677 - Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagre
CVE-2026-54636 - Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json f
CVE-2026-48529 - GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mod
CVE-2026-45408 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$
CVE-2026-45407 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc usi
CVE-2026-45406 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an ap
CVE-2026-45405 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract
CVE-2026-28385 - In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in th
CVE-2026-13434 - A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineI
CVE-2026-11779 - An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient acce
CVE-2025-32423 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2025-32394 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-9640 - A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.
CVE-2026-5757 - Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine al
CVE-2026-47214 - Docling simplifies document processing by parsing diverse formats and providing integrations with th
CVE-2026-45195 - Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmwar
CVE-2026-44018 - Docling simplifies document processing by parsing diverse formats and providing integrations with th
CVE-2026-21734 - A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can tri
CVE-2026-12411 - Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrust
CVE-2026-0828 - Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11
CVE-2026-0685 - Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine
CVE-2025-11919 - The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` o
CVE-2023-20572 - An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-for
CVE-2023-20540 - An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-for
CVE-2026-9699 - Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from th
CVE-2026-57667 - Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-57665 - Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57664 - Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versio
CVE-2026-57663 - Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
CVE-2026-57662 - Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-57661 - Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-57660 - Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
CVE-2026-57659 - Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <=
CVE-2026-57658 - Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57657 - Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57656 - Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVE-2026-57655 - Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57654 - Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
CVE-2026-57653 - Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-57652 - Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
CVE-2026-57651 - Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
CVE-2026-57650 - Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
CVE-2026-57649 - Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
CVE-2026-57648 - Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
CVE-2026-57647 - Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versi
CVE-2026-57646 - Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
CVE-2026-57645 - newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
CVE-2026-57644 - Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57643 - Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
CVE-2026-57642 - Contributor SQL Injection in Gallery <= 4.7.8 versions.
CVE-2026-57641 - Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-57640 - Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
CVE-2026-57638 - Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
CVE-2026-57637 - Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 ve
CVE-2026-57636 - Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
CVE-2026-57635 - Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerc
CVE-2026-57634 - Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.
CVE-2026-57633 - Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions.
CVE-2026-57632 - Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
CVE-2026-57631 - Administrator SQL Injection in Popup box <= 6.0.1 versions.
CVE-2026-57630 - Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions
CVE-2026-57629 - Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
CVE-2026-57628 - Administrator SQL Injection in WP All Import <= 4.0.1 versions.
CVE-2026-57627 - Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
CVE-2026-57622 - Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.
CVE-2026-57618 - Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
CVE-2026-57617 - Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
CVE-2026-57527 - Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulner
CVE-2026-57431 - Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVE-2026-57430 - Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
CVE-2026-57325 - Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57324 - Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
CVE-2026-57323 - Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
CVE-2026-57322 - Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
CVE-2026-57321 - Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.
CVE-2026-57319 - Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVE-2026-57318 - Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-57317 - Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
CVE-2026-57316 - Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.
CVE-2026-57315 - Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
CVE-2026-57314 - Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
CVE-2026-57313 - Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
CVE-2026-57312 - Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
CVE-2026-56773 - Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenti
CVE-2026-56072 - Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-56070 - Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
CVE-2026-56069 - Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
CVE-2026-56068 - Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
CVE-2026-56067 - Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
CVE-2026-56066 - Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
CVE-2026-56064 - Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
CVE-2026-56063 - Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.
CVE-2026-56062 - Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
CVE-2026-56061 - Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
CVE-2026-56060 - Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 v
CVE-2026-56059 - Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.
CVE-2026-56058 - Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
CVE-2026-56057 - Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
CVE-2026-56055 - Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-56048 - Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts
CVE-2026-56047 - Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
CVE-2026-56046 - Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56045 - Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
CVE-2026-56044 - Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
CVE-2026-56043 - Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56041 - Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
CVE-2026-56040 - Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
CVE-2026-56039 - Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56038 - Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
CVE-2026-56036 - Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
CVE-2026-56035 - Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.
CVE-2026-56034 - Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
CVE-2026-56033 - Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
CVE-2026-56032 - Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
CVE-2026-56031 - Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
CVE-2026-56030 - Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
CVE-2026-56029 - Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
CVE-2026-56028 - Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Tem
CVE-2026-56027 - Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
CVE-2026-56026 - Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
CVE-2026-56025 - Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
CVE-2026-56010 - Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
CVE-2026-56008 - Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
CVE-2026-54847 - Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
CVE-2026-54846 - Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versi
CVE-2026-54840 - Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.
CVE-2026-54839 - Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone &
CVE-2026-54837 - Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <=
CVE-2026-54835 - Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.