74 CVEs tracked today. 4 Critical, 30 High, 33 Medium, 7 Low.
-
CVE-2026-22688
CRITICAL
CVSS 9.9
WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.
Command Injection
AI / ML
Weknora
Suse
-
CVE-2026-22600
CRITICAL
CVSS 9.1
OpenProject (before 16.6.4) has a local file read vulnerability through SVG-based ImageMagick exploitation in the PDF export feature. Authenticated users can read server files by uploading malicious SVGs disguised as PNGs. Patch available.
Information Disclosure
Openproject
-
CVE-2025-65091
CRITICAL
CVSS 10.0
XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.
SQLi
Denial Of Service
Full Calendar Macro
-
CVE-2025-61686
CRITICAL
CVSS 9.1
React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.
React
Redhat
-
CVE-2026-22777
HIGH
CVSS 7.5
Comfyui-Manager versions up to 3.39.2 contain a vulnerability that allows attackers to tamper with security settings or modify application behavior (CVSS 7.5).
Code Injection
Comfyui Manager
-
CVE-2026-22704
HIGH
CVSS 8.0
Stored cross-site scripting (XSS) in HAX CMS versions 11.0.6 through 24.x allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially leading to account takeover. Public exploit code exists for this vulnerability affecting both PHP and Node.js deployments. Users should upgrade to version 25.0.0 or later to remediate the issue.
PHP
Node.js
Haxcms Nodejs
-
CVE-2026-22700
HIGH
CVSS 7.5
RustCrypto's SM2 elliptic curve implementation in versions 0.14.0-pre.0 and 0.14.0-rc.0 is vulnerable to denial-of-service through improper input validation in the decrypt() function, allowing remote attackers to crash affected applications by submitting malformed or undersized ciphertext that triggers unhandled panics. Public exploit code exists for this vulnerability, though a patch is available.
Industrial
Denial Of Service
Sm2 Elliptic Curve
-
CVE-2026-22699
HIGH
CVSS 7.5
RustCrypto Elliptic Curves versions 0.14.0-pre.0 and 0.14.0-rc.0 are vulnerable to denial-of-service when decrypting SM2 public key encryption, as invalid curve points with syntactically valid coordinates cause an unhandled panic during point validation. Public exploit code exists for this vulnerability, affecting applications that use the SM2 implementation. A remote attacker can crash the cryptographic service by sending specially crafted ciphertext with malformed elliptic curve points.
Code Injection
Sm2 Elliptic Curve
-
CVE-2026-22698
HIGH
CVSS 7.5
SM2 elliptic curve implementations in RustCrypto versions 0.14.0-pre.0 and 0.14.0-rc.0 suffer from a critical entropy reduction flaw where ephemeral nonce generation requests only 32 bits instead of 256 bits of randomness, degrading encryption security from 128-bit to 16-bit strength. Public exploit code exists, allowing attackers to recover the nonce and decrypt ciphertexts using only the public key and encrypted message. A patch is available for affected deployments.
Information Disclosure
Sm2 Elliptic Curve
-
CVE-2026-22697
HIGH
CVSS 7.5
CryptoLib versions prior to 1.4.3 contain a heap buffer overflow in the KMC crypto service's Base64 decoder, where oversized input strings can write beyond allocated buffer boundaries when processing KMC JSON responses. An attacker with network access to the KMC service can trigger this vulnerability to crash the spacecraft-ground station communication process or potentially execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available.
Buffer Overflow
Denial Of Service
Cryptolib
-
CVE-2026-22685
HIGH
CVSS 8.8
DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.
Path Traversal
Devtoys
-
CVE-2026-22612
HIGH
CVSS 7.8
Fickling versions prior to 0.1.7 fail to properly detect malicious pickle payloads due to inadequate handling of the "builtins" module, allowing attackers to bypass security analysis and potentially execute arbitrary code. This vulnerability affects Python environments using vulnerable versions of Fickling for pickle inspection and static analysis. An attacker can craft specially designed pickle files that evade detection mechanisms, compromising the integrity of pickle validation workflows.
Python
AI / ML
Fickling
-
CVE-2026-22609
HIGH
CVSS 7.8
Fickling's static analyzer before version 0.1.7 fails to detect several dangerous Python modules in pickled objects, enabling attackers to craft malicious pickles that bypass safety checks and achieve arbitrary code execution. This vulnerability affects users relying on Fickling to validate untrusted serialized Python objects for safety. Public exploit code exists for this HIGH severity vulnerability, though a patch is available in version 0.1.7 and later.
Python
Deserialization
AI / ML
Fickling
-
CVE-2026-22608
HIGH
CVSS 7.8
Fickling before version 0.1.7 allows local attackers to achieve arbitrary code execution through Python pickle deserialization by chaining unblocked ctypes and pydoc modules, bypassing the tool's safety scanner which incorrectly reports malicious files as LIKELY_SAFE. An attacker with user interaction can exploit this vulnerability to execute code with the privileges of the Python process. A patch is available in version 0.1.7 and later.
Python
RCE
Deserialization
AI / ML
Fickling
-
CVE-2026-22607
HIGH
CVSS 7.8
Fickling's static analyzer through version 0.1.6 fails to properly classify the cProfile module as unsafe during pickle analysis, causing malicious pickles leveraging cProfile.run() to be marked as SUSPICIOUS rather than OVERTLY_MALICIOUS. Organizations using Fickling as a security gate for deserialization decisions may be deceived into executing attacker-controlled code. Public exploit code exists for this vulnerability, and patches are available in version 0.1.7 and later.
Python
Deserialization
AI / ML
Fickling
-
CVE-2026-22606
HIGH
CVSS 7.8
Fickling's incomplete pickle analysis allows attackers to bypass security checks by using Python's runpy module to execute arbitrary code. Versions through 0.1.6 misclassify dangerous runpy-based payloads as merely suspicious rather than malicious, enabling code execution on systems that rely on Fickling to validate pickle safety. Public exploit code exists for this vulnerability, though a patch is available in version 0.1.7.
Python
Deserialization
AI / ML
Fickling
-
CVE-2026-22601
HIGH
CVSS 7.2
Arbitrary command execution in OpenProject versions 16.6.1 and below allows authenticated administrators to execute system commands by manipulating the sendmail binary path configuration and triggering a test email function. An admin-level attacker can leverage this to achieve full system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available, and exploitation requires high privileges but no user interaction.
Command Injection
RCE
Openproject
-
CVE-2026-22595
HIGH
CVSS 8.1
Ghost CMS versions 5.121.0-5.130.5 and 6.0.0-6.10.3 incorrectly allow Staff Token authentication to access endpoints restricted to Staff Session authentication, enabling authenticated Admin/Owner-role users to perform unauthorized actions. An attacker with valid Staff Token credentials for elevated roles could bypass authentication restrictions and access sensitive endpoints not intended for token-based access. Patches are available in versions 5.130.6 and 6.11.0.
Node.js
Ghost
-
CVE-2026-22594
HIGH
CVSS 8.1
Ghost CMS versions 5.105.0-5.130.5 and 6.0.0-6.10.3 contain an authentication bypass in their two-factor authentication implementation that allows authenticated staff members to circumvent email-based 2FA requirements. An attacker with valid staff credentials can exploit this flaw to gain unauthorized access to administrative functions without completing the required second authentication factor. Patches are available in versions 5.130.6 and 6.11.0.
Node.js
Ghost
-
CVE-2026-22589
HIGH
CVSS 7.5
Spree versions up to 4.10.2 are affected by authorization bypass through user-controlled key (CVSS 7.5).
Ruby
Spree
-
CVE-2026-22029
HIGH
CVSS 8.0
React Router is a router for React. In @remix-run/router version prior to 1.23.2. [CVSS 8.0 HIGH]
React
Open Redirect
React Router
Redhat
Suse
-
CVE-2026-22026
HIGH
CVSS 7.5
CryptoLib versions prior to 1.4.3 are vulnerable to denial of service through unbounded memory allocation in the KMC crypto service client's HTTP response handling. A malicious or compromised KMC server can trigger excessive memory consumption by sending arbitrarily large responses, causing the client process to crash. Public exploit code exists for this vulnerability affecting spacecraft communications secured by SDLS-EP.
Buffer Overflow
Cryptolib
-
CVE-2026-22023
HIGH
CVSS 7.5
CryptoLib versions prior to 1.4.3 contain an out-of-bounds heap read in the cryptography_aead_encrypt() function, affecting spacecraft communications secured via the SDLS-EP protocol. Public exploit code exists for this vulnerability, allowing remote attackers to trigger a denial of service condition without authentication. The vulnerability impacts systems using CryptoLib for ground-to-spacecraft communications and has been patched in version 1.4.3.
Buffer Overflow
Information Disclosure
Cryptolib
-
CVE-2026-21898
HIGH
CVSS 8.2
CryptoLib versions prior to 1.4.3 contain an out-of-bounds read vulnerability in the Crypto_AOS_ProcessSecurity function that allows remote attackers to crash spacecraft communications systems when parsing malformed AOS frame hashes. Public exploit code exists for this vulnerability affecting cFS deployments that rely on SDLS-EP for spacecraft-to-ground station security. The vulnerability has high severity due to its denial of service impact on critical space communications infrastructure, and no patch is currently available.
Buffer Overflow
Information Disclosure
Cryptolib
-
CVE-2026-21897
HIGH
CVSS 7.3
Out-of-bounds write in CryptoLib's SDLS-EP implementation allows unauthenticated network attackers to corrupt the gvcid_counter variable by writing beyond array bounds during parameter registration, potentially disrupting spacecraft-to-ground station communications security. Affected systems running CryptoLib versions prior to 1.4.3 are vulnerable to manipulation of parameter lookup logic without authentication or user interaction. No patch is currently available for this vulnerability affecting NASA's core Flight System deployments.
Buffer Overflow
Cryptolib
-
CVE-2026-21884
HIGH
CVSS 8.2
React Router is a router for React. In @remix-run/react version prior to 2.17.3. [CVSS 8.2 HIGH]
React
XSS
React Router
Redhat
Suse
-
CVE-2026-0821
HIGH
CVSS 7.3
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor function allows unauthenticated remote attackers to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Affected users should apply patch c5d80831e51e48a83eab16ea867be87f091783c5 immediately.
Buffer Overflow
Heap Overflow
Quickjs
Redhat
-
CVE-2025-62235
HIGH
CVSS 8.1
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving a specially crafted Security Request could lead to removal of the original bond and re-bonding with an impostor. [CVSS 8.1 HIGH]
Apache
Authentication Bypass
Nimble
-
CVE-2025-59057
HIGH
CVSS 7.6
React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. [CVSS 7.6 HIGH]
React
XSS
React Router
Redhat
-
CVE-2025-53477
HIGH
CVSS 7.5
NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. [CVSS 7.5 HIGH]
Apache
Null Pointer Dereference
Nimble
-
CVE-2025-52435
HIGH
CVSS 7.5
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange. [CVSS 7.5 HIGH]
Apache
Nimble
-
CVE-2025-15503
HIGH
CVSS 7.3
Operation And Maintenance Security Management System versions up to 3.0.8 are affected by improper access control (CVSS 7.3).
File Upload
Authentication Bypass
Operation And Maintenance Security Management System
-
CVE-2025-15502
HIGH
CVSS 7.3
Operation And Maintenance Security Management System versions up to 3.0.8 are affected by command injection (CVSS 7.3).
Command Injection
Operation And Maintenance Security Management System
-
CVE-2025-13457
HIGH
CVSS 7.5
WooCommerce Square (WordPress plugin) versions up to 5.1.1 are affected by authorization bypass through user-controlled key (CVSS 7.5).
WordPress
PHP
-
CVE-2026-22773
MEDIUM
CVSS 6.5
Vllm versions up to 0.12.0 are affected by allocation of resources without limits or throttling (CVSS 6.5).
Denial Of Service
AI / ML
Vllm
Redhat
-
CVE-2026-22705
MEDIUM
CVSS 6.4
Versions up to 0.1.0 of a package that provides authentication of data using public-key cryptography contain a security vulnerability (CVSS 6.4).
Information Disclosure
-
CVE-2026-22703
MEDIUM
CVSS 5.5
Cosign's bundle verification mechanism fails to properly validate that embedded Rekor entries reference the correct artifact digest, signature, and public key, allowing an attacker with a compromised signing identity to forge valid bundles and bypass transparency log verification. A malicious actor could exploit this to create counterfeit signatures that pass validation checks, affecting users relying on Cosign for container and binary code signing verification. Public exploit code exists for this vulnerability; patches are available in versions 2.6.2 and 3.0.4.
Authentication Bypass
Cosign
Redhat
Suse
-
CVE-2026-22702
MEDIUM
CVSS 4.5
Virtualenv versions up to 20.36.1 are affected by improper link resolution before file access (CVSS 4.5).
Python
Race Condition
Virtualenv
Redhat
Suse
-
CVE-2026-22701
MEDIUM
CVSS 5.3
Python's filelock SoftFileLock implementation prior to version 3.20.3 contains a TOCTOU race condition that allows local attackers with symlink creation privileges to interfere with lock file operations between permission validation and file creation. An attacker can exploit this window to create a symlink at the target lock path, causing lock operations to fail or redirect to unintended files, resulting in denial of service or unexpected behavior. Upgrade to filelock version 3.20.3 or later to remediate this vulnerability.
Python
Denial Of Service
Race Condition
Filelock
Redhat
-
CVE-2026-22693
MEDIUM
CVSS 5.3
HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.
Null Pointer Dereference
Harfbuzz
Redhat
Suse
-
CVE-2026-22691
MEDIUM
CVSS 5.3
pypdf versions prior to 6.6.0 are vulnerable to denial of service through CPU exhaustion when processing malformed PDF files with crafted startxref entries in non-strict reading mode. An attacker can create a specially crafted PDF containing excessive whitespace that causes the library to consume significant processing resources during cross-reference table reconstruction. A patch is available in version 6.6.0 and later.
Python
Pypdf
Redhat
Suse
-
CVE-2026-22690
MEDIUM
CVSS 5.3
Denial of service via resource exhaustion in pypdf prior to version 6.6.0 allows remote attackers to trigger excessive processing times by submitting specially crafted PDF files with missing /Root objects and inflated /Size values. The vulnerability only affects non-strict parsing mode and causes the library to consume significant CPU resources when processing otherwise invalid documents. A patch is available in version 6.6.0 and later.
Python
Pypdf
Redhat
Suse
-
CVE-2026-22689
MEDIUM
CVSS 6.5
Mailpit versions up to 1.28.2 contain a vulnerability that allows attackers to intercept sensitive data such as email contents, headers, and server statistics (CVSS 6.5).
Industrial
Mailpit
Suse
-
CVE-2026-22687
MEDIUM
CVSS 5.6
WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.
SQLi
AI / ML
Weknora
Suse
-
CVE-2026-22610
MEDIUM
CVSS 6.1
Angular's Template Compiler fails to properly sanitize href and xlink:href attributes on SVG script elements, enabling reflected cross-site scripting attacks against applications using affected versions (prior to 19.2.18, 20.3.16, 21.0.7, or 21.1.0-rc.0). An attacker can inject malicious scripts through specially crafted SVG elements that bypass the framework's built-in sanitization, allowing session hijacking, credential theft, or other client-side attacks when users interact with affected content. Updates are available for all affected version branches.
Angular
XSS
Redhat
-
CVE-2026-22605
MEDIUM
CVSS 4.3
OpenProject versions before 16.6.3 allow authenticated users with View Meetings permission to bypass access controls and view meeting details from projects they lack authorization to access. This permission-based access control flaw enables information disclosure across project boundaries for low-privileged users. A patch is available in version 16.6.3 and later.
Authentication Bypass
Openproject
-
CVE-2026-22604
MEDIUM
CVSS 5.3
OpenProject is an open-source, web-based project management software. [CVSS 5.3 MEDIUM]
Information Disclosure
Openproject
-
CVE-2026-22603
MEDIUM
CVSS 6.5
OpenProject versions prior to 16.6.2 fail to implement rate-limiting on the unauthenticated password-change endpoint, allowing attackers to conduct brute-force attacks against known user accounts without triggering lockout mechanisms. An attacker can systematically guess passwords using common wordlists and achieve full account compromise, potentially escalating privileges depending on the victim's role within the application. A patch is available in version 16.6.2.
Privilege Escalation
Openproject
-
CVE-2026-22596
MEDIUM
CVSS 6.7
SQL injection in Ghost's Admin API members/events endpoint enables authenticated administrators to execute arbitrary database queries, affecting versions 5.90.0-5.130.5 and 6.0.0-6.10.3. An attacker with valid Admin API credentials could exploit this to extract, modify, or delete sensitive data stored in the Ghost database. Patches are available in versions 5.130.6 and 6.11.0.
Node.js
Ghost
-
CVE-2026-22030
MEDIUM
CVSS 6.5
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. [CVSS 6.5 MEDIUM]
React
CSRF
React Router
Redhat
Suse
-
CVE-2026-22027
MEDIUM
CVSS 6.0
Heap buffer overflow in CryptoLib versions prior to 1.4.3 allows a high-privileged local attacker to corrupt adjacent memory by supplying oversized hex strings in MariaDB SA fields without capacity validation. Public exploit code exists for this vulnerability affecting spacecraft communication security implementations. The flaw enables denial of service and potential code execution through heap memory manipulation.
Mariadb
Cryptolib
-
CVE-2026-22024
MEDIUM
CVSS 5.3
CryptoLib versions prior to 1.4.3 leak approximately 400 bytes of memory with each call to the cryptography_encrypt() function due to unfreed buffers, allowing remote attackers to conduct denial-of-service attacks against spacecraft-to-ground communications by exhausting available memory through sustained traffic. Public exploit code exists for this vulnerability. The issue is resolved in version 1.4.3 and later.
Denial Of Service
Cryptolib
-
CVE-2026-21900
MEDIUM
CVSS 5.9
CryptoLib versions prior to 1.4.3 suffer from an out-of-bounds heap read in the cryptography_encrypt() function when processing malformed JSON metadata from KMC servers, allowing remote attackers to trigger a denial of service condition. The vulnerability stems from improper buffer boundary checking during string parsing in spacecraft-ground station communications secured by the SDLS-EP protocol. Public exploit code exists for this medium-severity flaw, though a patch is available.
Buffer Overflow
Information Disclosure
Cryptolib
-
CVE-2026-21899
MEDIUM
CVSS 4.7
CryptoLib versions prior to 1.4.3 contain an out-of-bounds read vulnerability in the base64urlDecode function that dereferences memory before validating input parameters, potentially causing a denial of service in spacecraft communications secured by SDLS-EP. Affected systems running cFS with vulnerable CryptoLib versions could crash when processing malformed base64 input. Public exploit code exists for this vulnerability, though no patch is currently available.
Denial Of Service
Cryptolib
-
CVE-2026-0831
MEDIUM
CVSS 5.3
Templately (WordPress plugin) versions up to 3.4.8 are affected by incorrect authorization (CVSS 5.3).
WordPress
-
CVE-2026-0822
MEDIUM
CVSS 6.3
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. Users should apply the available patch (commit 53eefbcd695165a3bd8c584813b472cb4a69fbf5) to remediate the risk.
Buffer Overflow
Heap Overflow
Quickjs
Redhat
-
CVE-2025-68470
MEDIUM
CVSS 6.5
React-Router versions up to 6.30.1 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.5).
React
React Router
Redhat
-
CVE-2025-65090
MEDIUM
CVSS 5.3
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. [CVSS 5.3 MEDIUM]
Information Disclosure
Full Calendar Macro
-
CVE-2025-61676
MEDIUM
CVSS 6.1
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. [CVSS 6.1 MEDIUM]
XSS
October
-
CVE-2025-61674
MEDIUM
CVSS 6.1
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. [CVSS 6.1 MEDIUM]
XSS
October
-
CVE-2025-14976
MEDIUM
CVSS 5.4
The User Registration & Membership - Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. [CVSS 5.4 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-14948
MEDIUM
CVSS 5.3
miniOrange OTP Verification and SMS Notification for WooCommerce (WordPress plugin) is affected by missing authorization (CVSS 5.3).
WordPress
PHP
-
CVE-2025-14943
MEDIUM
CVSS 4.3
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. [CVSS 4.3 MEDIUM]
WordPress
Information Disclosure
PHP
-
CVE-2025-14555
MEDIUM
CVSS 6.4
The Countdown Timer - Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevart_countdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14506
MEDIUM
CVSS 6.4
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's `entrance_animation` attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13393
MEDIUM
CVSS 4.3
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. [CVSS 4.3 MEDIUM]
WordPress
SSRF
PHP
-
CVE-2025-12379
MEDIUM
CVSS 6.4
Shortcodes and extra features for Phlox theme (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 6.4).
WordPress
XSS
PHP
-
CVE-2026-22611
LOW
CVSS 3.7
AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input fie...
Dotnet
Aws
-
CVE-2026-22602
LOW
CVSS 3.5
OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low-privileged logged-in user can view the full names of other users. [CVSS 3.5 LOW]
Information Disclosure
-
CVE-2026-22597
LOW
CVSS 2.7
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. [CVSS 2.7 LOW]
Node.js
SSRF
-
CVE-2026-22025
LOW
CVSS 3.7
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. [CVSS 3.7 LOW]
Denial Of Service
-
CVE-2026-0824
LOW
CVSS 3.5
A security flaw has been discovered in questdb u versions up to 1.11.9, which are affected by cross-site scripting (XSS) (CVSS 3.5).
XSS
-
CVE-2025-53470
LOW
CVSS 3.1
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. A specially crafted HCI event could lead to an invalid memory read in the H4 driver. [CVSS 3.1 LOW]
Apache
-
CVE-2025-15504
LOW
CVSS 3.3
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. [CVSS 3.3 LOW]
Null Pointer Dereference