Skip to main content
CVE-2025-12379 MEDIUM This Month

Shortcodes and extra features for Phlox theme (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-22705 MEDIUM PATCH This Month

which provide authentication of data using public-key cryptography. versions up to 0.1.0 contains a security vulnerability (CVSS 6.4).

Information Disclosure
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0822 LOW POC PATCH Monitor

Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. Users should apply the available patch (commit 53eefbcd695165a3bd8c584813b472cb4a69fbf5) to remediate the risk.

Buffer Overflow Quickjs
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-61676 MEDIUM PATCH This Month

October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerabilities was identified in October CMS backend configuration forms. [CVSS 6.1 MEDIUM]

XSS October
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61674 MEDIUM PATCH This Month

October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. [CVSS 6.1 MEDIUM]

XSS October
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22029 MEDIUM PATCH This Month

React Router is a router for React. In @remix-run/router version prior to 1.23.2. [CVSS 8.0 HIGH]

Open Redirect XSS Remix Run React React Router
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-15504 LOW POC PATCH Monitor

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. [CVSS 3.3 LOW]

Denial Of Service Lief
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14976 MEDIUM This Month

The User Registration & Membership - Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. [CVSS 5.4 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14948 MEDIUM This Month

miniOrange OTP Verification and SMS Notification for WooCommerce (WordPress plugin) is affected by missing authorization (CVSS 5.3).

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-0831 MEDIUM This Month

Templately (WordPress plugin) versions up to 3.4.8. is affected by incorrect authorization (CVSS 5.3).

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22604 MEDIUM PATCH This Month

OpenProject is an open-source, web-based project management software. [CVSS 5.3 MEDIUM]

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-65090 MEDIUM PATCH This Month

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. [CVSS 5.3 MEDIUM]

Information Disclosure Full Calendar Macro
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22691 MEDIUM PATCH This Month

pypdf versions prior to 6.6.0 are vulnerable to denial of service through CPU exhaustion when processing malformed PDF files with crafted startxref entries in non-strict reading mode. An attacker can create a specially crafted PDF containing excessive whitespace that causes the library to consume significant processing resources during cross-reference table reconstruction. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22690 MEDIUM PATCH This Month

Denial of service via resource exhaustion in pypdf prior to version 6.6.0 allows remote attackers to trigger excessive processing times by submitting specially crafted PDF files with missing /Root objects and inflated /Size values. The vulnerability only affects non-strict parsing mode and causes the library to consume significant CPU resources when processing otherwise invalid documents. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22701 MEDIUM PATCH This Month

Python's filelock SoftFileLock implementation prior to version 3.20.3 contains a TOCTOU race condition that allows local attackers with symlink creation privileges to interfere with lock file operations between permission validation and file creation. An attacker can exploit this window to create a symlink at the target lock path, causing lock operations to fail or redirect to unintended files, resulting in denial of service or unexpected behavior. Upgrade to filelock version 3.20.3 or later to remediate this vulnerability.

Python Denial Of Service Race Condition Filelock Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22597 MEDIUM PATCH This Month

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. [CVSS 2.7 LOW]

Node.js SSRF
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-22702 MEDIUM PATCH This Month

Virtualenv versions up to 20.36.1 is affected by improper link resolution before file access (CVSS 4.5).

Python Race Condition Virtualenv Red Hat Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-22605 MEDIUM PATCH This Month

OpenProject versions before 16.6.3 allow authenticated users with View Meetings permission to bypass access controls and view meeting details from projects they lack authorization to access. This permission-based access control flaw enables information disclosure across project boundaries for low-privileged users. A patch is available in version 16.6.3 and later.

Authentication Bypass Openproject
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14943 MEDIUM This Month

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. [CVSS 4.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13393 MEDIUM This Month

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. [CVSS 4.3 MEDIUM]

WordPress SSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22611 LOW PATCH Monitor

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input fie...

.NET AWS
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-22602 LOW PATCH Monitor

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. [CVSS 3.5 LOW]

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-53470 LOW PATCH Monitor

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. [CVSS 3.1 LOW]

Apache
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-0824 LOW PATCH Monitor

A security flaw has been discovered in questdb u versions up to 1.11.9. is affected by cross-site scripting (xss) (CVSS 3.5).

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy