Skip to main content
CVE-2025-14348 MEDIUM This Month

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-14798 MEDIUM This Month

The LearnPress - WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-21929 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36419 MEDIUM This Month

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Applinx
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21974 MEDIUM This Month

Unauthenticated attackers can read sensitive data from Oracle Life Sciences Central Designer 7.0.1.0 through an easily exploitable information disclosure vulnerability accessible via HTTP. The flaw requires no user interaction or privileges, allowing remote attackers with network access to gain unauthorized access to a subset of application data. No patch is currently available for this vulnerability.

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21972 MEDIUM This Month

Configurator contains a vulnerability that allows attackers to unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21928 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. [CVSS 5.3 MEDIUM]

Oracle Linux Solaris
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-55132 MEDIUM PATCH This Month

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]

Node.js Node.Js Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21942 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. [CVSS 5.0 MEDIUM]

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-21964 MEDIUM PATCH This Month

Mysql contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21952 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21948 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21941 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21937 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21936 MEDIUM PATCH This Month

Mysql Cluster contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Mysql Cluster +3
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-1223 MEDIUM This Month

BROWAN COMMUNICATIONS PrismX MX100 AP controller stores SMTP credentials in plaintext accessible via the web interface, enabling authenticated administrators to retrieve sensitive password data. The vulnerability requires high-level privileges to exploit but poses a significant risk to email service credentials used by the device. No patch is currently available to remediate this exposure.

Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21959 MEDIUM PATCH This Month

Unauthorized data disclosure in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows high-privileged attackers with network access to extract sensitive information from the Oracle E-Business Suite environment. The vulnerability requires administrator-level credentials and HTTP connectivity but can result in complete exposure of workflow-accessible data. A patch is available to remediate this confidentiality issue.

Oracle Workflow
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13925 MEDIUM This Month

Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).

IBM Aspera Console
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21925 MEDIUM PATCH CISA This Month

Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).

Oracle Java Authentication Bypass
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-36059 MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by execution with unnecessary privileges (CVSS 4.7).

IBM Business Automation Workflow
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-21981 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 4.6 MEDIUM]

Oracle Virtualbox Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-21975 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]

Oracle Java Denial Of Service Java Virtual Machine Suse
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-1042 MEDIUM This Month

Stored XSS in WP Hello Bar plugin up to version 1.02 allows authenticated administrators to inject malicious scripts through the 'digit_one' and 'digit_two' parameters due to inadequate input validation. When users visit affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-1045 MEDIUM This Month

Stored XSS in the Viet contact WordPress plugin versions up to 1.3.2 allows authenticated administrators to inject malicious scripts into admin settings due to inadequate input sanitization and output escaping. The injected scripts execute when other users access affected pages, impacting multi-site WordPress installations and sites with unfiltered_html disabled. Exploitation requires administrator-level access and no patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-0554 MEDIUM This Month

NotificationX plugin for WordPress versions up to 3.1.11 lacks proper authorization checks on REST API endpoints, allowing authenticated users with Contributor-level permissions to reset analytics data for any campaign regardless of ownership. This capability bypass enables low-privileged attackers to tamper with campaign analytics across the WordPress installation. The vulnerability affects WordPress deployments using the affected plugin versions, with no patch currently available.

WordPress Industrial
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1051 MEDIUM This Month

The Newsletter WordPress plugin through version 9.1.0 contains a cross-site request forgery vulnerability in the hook_newsletter_action() function due to insufficient nonce validation, allowing unauthenticated attackers to unsubscribe legitimate users if they can trick a logged-in administrator into clicking a malicious link. This attack requires user interaction but poses a direct integrity risk to newsletter subscriber lists. No patch is currently available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21979 MEDIUM This Month

Unauthorized data access in Oracle Planning and Budgeting Cloud Service (version 25.04.07) can be achieved by high-privileged attackers with local infrastructure access through the EPM Agent component. The vulnerability requires user interaction from a non-attacker and allows complete compromise of accessible Planning and Budgeting data. No patch is currently available.

Oracle
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-21922 MEDIUM This Month

Planning And Budgeting Cloud Service contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 4.2).

Oracle Planning And Budgeting Cloud Service
NVD
CVSS 3.1
4.2
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy