Skip to main content
CVE-2026-23946 MEDIUM POC PATCH This Month

Remote code execution in Tendenci CMS versions 15.3.11 and below allows authenticated staff users to execute arbitrary code through unsafe pickle deserialization in the Helpdesk module's reporting function. The vulnerability stems from incomplete patching of CVE-2020-14942, where the run_report() function continues to use unsafe pickle.loads() despite the ticket_list() function being corrected. Public exploit code exists for this issue, though impact is limited to the privileges of the application's runtime user.

Python RCE Deserialization Tendenci
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-69612 MEDIUM POC This Month

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. [CVSS 6.5 MEDIUM]

Path Traversal Tms Management Console
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-70899 MEDIUM POC This Month

Online Course Registration versions up to 3.1 is affected by cross-site request forgery (csrf) (CVSS 6.5).

CSRF Online Course Registration
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23952 MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net Imagemagick Red Hat +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69820 MEDIUM POC PATCH This Month

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function. [CVSS 6.0 MEDIUM]

Path Traversal Beta9 Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.2%
CVE-2026-24049 MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23951 MEDIUM POC This Month

SumatraPDF on Windows is vulnerable to a denial-of-service attack through a maliciously crafted Mobi file that triggers an integer underflow in record validation, causing an out-of-bounds heap read and application crash. The vulnerability stems from an off-by-one error in the PalmDbReader::GetRecord function that only occurs with exactly 2 records, and public exploit code is available. No patch has been released at this time.

Windows Integer Overflow Denial Of Service Sumatrapdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23887 MEDIUM POC PATCH This Month

Stored XSS in Group-Office through unsanitized filenames allows authenticated users to inject malicious scripts that execute when other users view affected files, potentially compromising sessions or triggering unintended browser actions. The vulnerability affects versions 6.8.148 and below, and 25.0.1 through 25.0.79, with public exploit code available. Patches are available in versions 6.8.149 and 25.0.80.

XSS Group Office
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-24034 MEDIUM POC This Month

Horilla versions up to 1.5.0 is affected by unrestricted upload of file with dangerous type (CVSS 5.4).

XSS Horilla
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-24036 MEDIUM POC PATCH This Month

Horilla HRMS versions 1.4.0 and above allow unauthenticated access to unpublished job postings through the /recruitment/recruitment-details/ endpoint, exposing draft job titles, descriptions, and application workflows. An attacker can leverage public exploit code to view sensitive internal hiring information and access recruitment processes for unpublished positions. The vulnerability affects all users with network access to affected Horilla instances and has been patched in version 1.5.0.

Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1325 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.12. is affected by weak password recovery mechanism for forgotten password (CVSS 5.3).

Information Disclosure Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-24055 MEDIUM POC PATCH This Month

Langfuse versions 3.146.0 and below allow unauthenticated attackers to hijack Slack OAuth integrations by injecting arbitrary projectIds into the /api/public/slack/install endpoint, enabling them to bind malicious Slack workspaces to any project and intercept prompt management data. An attacker can replace existing Prompt Slack Automations or pre-register malicious integrations that execute when authenticated users unknowingly configure them. Public exploit code exists for this vulnerability, which affects the DNS and AI/ML components of the Langfuse platform.

DNS AI / ML Langfuse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24037 MEDIUM POC This Month

Horilla HRMS version 1.4.0 contains insufficient input validation in its XSS prevention function, allowing attackers to bypass protections through context-agnostic regex patterns. Public exploit code exists for this vulnerability, enabling attackers to redirect users to malicious sites, execute arbitrary JavaScript, and steal CSRF tokens for use in admin-targeted attacks. The vulnerability affects Horilla 1.4.0 and has been patched in version 1.5.0.

XSS CSRF Horilla
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-24035 MEDIUM POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). [CVSS 4.3 MEDIUM]

File Upload Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24039 MEDIUM POC This Month

Horilla HRMS 1.4.0 contains insufficient server-side authorization checks that permit low-privileged employees to self-approve documents they have submitted, bypassing intended administrative-only controls. Public exploit code exists for this vulnerability, enabling standard users to alter HR application state and potentially submit unvetted credentials or certifications. The integrity of HR document workflows is compromised as employees can modify approval statuses reserved for administrators.

Authentication Bypass Horilla
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27379 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. [CVSS 6.8 MEDIUM]

XSS On Prem Enterprise Server
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-23893 MEDIUM PATCH This Month

Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. A patch is available.

Linux Privilege Escalation Opencryptoki Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-71176 MEDIUM POC PATCH This Month

pytest versions up to 9.0.2 contains a vulnerability that allows attackers to cause a denial of service or possibly gain privileges (CVSS 6.8).

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-68609 MEDIUM This Month

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. [CVSS 6.6 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-69055 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68896 MEDIUM This Month

Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68558 MEDIUM This Month

Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68019 MEDIUM This Month

Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-67958 MEDIUM This Month

Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8. [CVSS 6.5 MEDIUM]

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5805 MEDIUM This Month

Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54002 MEDIUM This Month

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24379 MEDIUM This Month

WP Job Portal has an authorization bypass through user-controlled keys allowing attackers to access other users' job applications and employer data.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24389 MEDIUM This Month

WP Chill Gallery PhotoBlocks photoblocks-grid-gallery is affected by cross-site scripting (xss) (CVSS 6.5).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24383 MEDIUM This Month

DOM-based cross-site scripting in bPlugins B Slider through version 2.0.6 enables authenticated attackers to inject malicious scripts that execute in users' browsers with network access. An attacker with user privileges can exploit improper input neutralization during web page generation to steal session tokens, perform unauthorized actions, or redirect victims to malicious sites. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24361 MEDIUM This Month

ThimPress LearnPress Course Review plugin through version 4.1.9 is vulnerable to stored cross-site scripting (XSS) that allows authenticated users with insufficient input validation to inject malicious scripts into course reviews. An attacker with user privileges can exploit this to execute arbitrary JavaScript in other users' browsers, potentially stealing session tokens or performing unauthorized actions on their behalf. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24354 MEDIUM This Month

DOM-based cross-site scripting in PenciDesign Penci Shortcodes & Performance plugin versions 6.1 and earlier allows authenticated attackers to inject malicious scripts that execute in users' browsers. An attacker with user-level privileges can exploit improper input neutralization during page generation to steal session cookies, perform unauthorized actions, or deface content for affected users. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22463 MEDIUM This Month

Stored XSS in Micro.company Form to Chat App versions up to 1.2.5 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session data and stealing sensitive information. The vulnerability stems from insufficient input sanitization during form processing and requires user interaction to trigger. No patch is currently available for this medium-severity flaw.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22353 MEDIUM This Month

Stored XSS in teachPress through version 9.0.12 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session data and performing unauthorized actions within the application. The vulnerability requires user interaction to trigger and can affect multiple users across the application scope. No security patch is currently available for affected installations.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22347 MEDIUM This Month

subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider is affected by cross-site scripting (xss) (CVSS 6.5).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68046 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68006 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67954 MEDIUM This Month

Dimitri Grassi Salon booking system salon-booking-system contains a security vulnerability (CVSS 6.5).

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69315 MEDIUM This Month

NSquared Simply Schedule Appointments simply-schedule-appointments is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69095 MEDIUM This Month

designthemes Reservation Plugin dt-reservation-plugin is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68507 MEDIUM This Month

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68072 MEDIUM This Month

Merv Barrett Easy Property Listings easy-property-listings is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68039 MEDIUM This Month

Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68020 MEDIUM This Month

Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68016 MEDIUM This Month

Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68009 MEDIUM This Month

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68007 MEDIUM This Month

Event Espresso Event Espresso 4 Decaf event-espresso-decaf is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68003 MEDIUM This Month

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67942 MEDIUM This Month

peachpayments Peach Payments Gateway wc-peach-payments-gateway is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23964 MEDIUM This Month

Mastodon is a free, open-source social network server based on ActivityPub. [CVSS 6.5 MEDIUM]

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68073 MEDIUM This Month

Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy