SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications.
Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.
Dragonfly P2P file distribution system versions 2.4.1-rc.0 and below have a missing authentication vulnerability allowing unauthenticated access to the management API.
DataEase data visualization tool prior to 2.10.19 uses MD5-hashed passwords without salting, allowing attackers to crack credentials and gain unauthorized access.
Apryse HTML2PDF SDK through version 11.10 has a command injection vulnerability in the InsertFromURL function allowing remote code execution when converting HTML to PDF.
HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets.
TMS Management Console v6.3.7 has a CVSS 10.0 arbitrary file upload vulnerability allowing remote attackers to execute arbitrary code on the server without authentication.
g-FFL Checkout WordPress plugin has an unrestricted file upload vulnerability allowing attackers to upload web shells for remote code execution.
Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.
Miion WordPress theme by zozothemes has an unrestricted file upload vulnerability allowing unauthenticated web shell deployment and server compromise.
Blogzee WordPress theme by blazethemes has an unrestricted file upload vulnerability — the fourth blazethemes product affected by the same shared vulnerable upload component.
Blogistic WordPress theme by blazethemes has an unrestricted file upload vulnerability enabling attackers to deploy web shells for persistent server access.
Real Homes CRM WordPress plugin has an unrestricted file upload allowing web shell deployment for persistent remote code execution.
News Event WordPress theme by blazethemes has an unrestricted file upload allowing web shell deployment and remote code execution.
Blogmatic WordPress theme by blazethemes has an unrestricted file upload vulnerability allowing attackers to upload web shells for persistent server access.
HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.
Workreap Core WordPress plugin has an authentication bypass allowing unauthenticated users to access protected functionality through an alternate authentication path.
Azure Front Door has an improper access control vulnerability (CVSS 9.8) allowing unauthorized attackers to elevate privileges through the CDN and WAF infrastructure.
FmeAddons Registration & Login with Mobile Phone Number for WooCommerce has a missing authorization vulnerability allowing unauthenticated access to protected functionality.
LazyTasks project management WordPress plugin has an incorrect privilege assignment vulnerability allowing low-privileged users to escalate to administrator, gaining full site control.
ThemeREX Sound/musicplace WordPress theme has an insecure deserialization vulnerability enabling PHP object injection and potential remote code execution.
Consult Aid WordPress theme has an insecure deserialization vulnerability allowing object injection that can lead to remote code execution.
NervesHub OTA firmware management has a weak random number generation vulnerability that allows attackers to predict firmware update tokens and push malicious updates.
LA-Studio Element Kit for Elementor WordPress plugin allows unauthenticated admin user creation, enabling complete WordPress site takeover.
Soft Serve self-hosted Git server versions 0.11.2 and below have a critical authentication bypass that allows unauthenticated access to private repositories.
Appsmith platform version 1.94 and below has a missing authorization vulnerability that allows unauthenticated access to publicly deployed applications' internal APIs.
A WebSocket endpoint lacks proper authentication, allowing unauthenticated users to connect and interact with real-time data streams and server-side functionality.
Order Listener for WooCommerce has a missing authorization vulnerability enabling unauthenticated access to order data and administrative functions.
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information through crafted prompts over the network.
Azure Entra ID (formerly Azure AD) has an elevation of privilege vulnerability allowing attackers to escalate permissions within the identity platform.
CleverReach WordPress plugin has a SQL injection vulnerability allowing attackers to extract email marketing data and WordPress credentials from the database.
MailerLite WordPress plugin has a SQL injection vulnerability enabling attackers to extract sensitive data from the WordPress database.
Microsoft Account has a cross-site scripting vulnerability allowing unauthenticated attackers to execute scripts in the context of Microsoft Account pages.
WP Learn SQL Injection allows unauthenticated attackers to execute arbitrary SQL queries against the WordPress database, exposing all stored data.
Paid Downloads WordPress plugin has a SQL injection vulnerability enabling database compromise through the download management functionality.
Nelio AB Testing WordPress plugin has a code injection vulnerability allowing attackers to execute arbitrary code through the A/B testing functionality.
Xpro Elementor Addons WordPress plugin has an unrestricted file upload allowing attackers to upload dangerous file types through the Elementor builder integration.
Gitea fails to validate repository ownership when linking attachments to releases, allowing users to attach files from one repository to releases in another.
Gitea fails to validate repository ownership when deleting Git LFS locks, allowing users with write access to one repo to delete LFS locks in other repositories.
Gitea does not properly validate project ownership in organization operations, allowing users with project write access to manipulate projects belonging to other organizations.
The sm-crypto JavaScript library has a private key recovery vulnerability in its SM2 implementation, allowing attackers to extract secret keys from signatures.
Event Tickets with Ticket Scanner WordPress plugin has a code injection vulnerability allowing remote code execution through the event management system.
Grist spreadsheet software has an injection vulnerability in Python formula execution that allows authenticated users to escape the formula sandbox and execute arbitrary code.