258 CVEs tracked today. 35 Critical, 81 High, 137 Medium, 3 Low.
-
CVE-2026-24423
CRITICAL
CVSS 9.8
SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise.
RCE
Command Injection
Smartermail
-
CVE-2022-25369
CRITICAL
CVSS 9.8
Dynamicweb CMS before version 9.12.8 contains a critical authentication bypass that allows unauthenticated attackers to create new administrator accounts. The vulnerability exists because the application's setup wizard can be re-executed on deployed instances, enabling attackers to initialize a fresh admin account and subsequently upload webshells.
Authentication Bypass
-
CVE-2026-24531
CRITICAL
CVSS 9.8
A WordPress plugin has a PHP Remote File Inclusion vulnerability (CWE-98) allowing unauthenticated remote code execution through crafted include paths.
PHP
Lfi
-
CVE-2026-24304
CRITICAL
CVSS 9.9
Azure Resource Manager has a CVSS 9.9 access control vulnerability allowing authorized users to escalate privileges across Azure subscriptions and resource groups.
Azure
Azure Resource Manager
-
CVE-2026-24132
CRITICAL
CVSS 9.8
Orval TypeScript code generator versions 7.19+ have a command injection vulnerability allowing RCE through malicious OpenAPI specifications during code generation.
Command Injection
Orval
-
CVE-2026-1364
CRITICAL
CVSS 9.8
IAQS and I6 by JNC have a missing authentication vulnerability allowing unauthenticated remote attackers to directly access sensitive system functionality.
Authentication Bypass
-
CVE-2026-1363
CRITICAL
CVSS 9.8
IAQS and I6 systems by JNC rely on client-side enforcement of server-side security controls, allowing unauthenticated attackers to bypass those controls and reach server functionality directly.
Information Disclosure
-
CVE-2026-0794
CRITICAL
CVSS 9.8
ALGO 8180 has a use-after-free in SIP session handling (EPSS 1.1%) enabling remote code execution through crafted VoIP signaling sequences.
Golang
RCE
Use After Free
8180 Ip Audio Alerter Firmware
-
CVE-2026-0793
CRITICAL
CVSS 9.8
ALGO 8180 has a heap-based buffer overflow in InformaCast message processing enabling remote code execution through the emergency notification protocol.
Golang
RCE
Buffer Overflow
Heap Overflow
8180 Ip Audio Alerter Firmware
-
CVE-2026-0792
CRITICAL
CVSS 9.8
ALGO 8180 has a stack-based buffer overflow in SIP INVITE Alert-Info header processing, enabling remote code execution through the VoIP protocol.
Golang
RCE
Buffer Overflow
Stack Overflow
8180 Ip Audio Alerter Firmware
-
CVE-2026-0791
CRITICAL
CVSS 9.8
ALGO 8180 has a stack-based buffer overflow in SIP INVITE Replaces header processing enabling remote code execution through crafted VoIP calls.
Golang
RCE
Buffer Overflow
Stack Overflow
8180 Ip Audio Alerter Firmware
-
CVE-2026-0787
CRITICAL
CVSS 9.8
ALGO 8180 IP Audio Alerter has a command injection in the SAC interface (EPSS 0.68%) allowing remote code execution on the emergency notification device.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0773
CRITICAL
CVSS 9.8
Upsonic has an insecure deserialization via cloudpickle (EPSS 1.3%) enabling remote code execution through crafted serialized AI agent data.
RCE
Deserialization
AI / ML
-
CVE-2026-0770
CRITICAL
CVSS 9.8
Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%): untrusted code supplied through exec_globals is executed in the application's global scope.
RCE
AI / ML
Langflow
-
CVE-2026-0769
CRITICAL
CVSS 9.8
Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted custom component definitions.
Python
RCE
AI / ML
Langflow
-
CVE-2026-0768
CRITICAL
CVSS 9.8
Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the visual AI workflow builder.
Python
RCE
Code Injection
AI / ML
Langflow
-
CVE-2026-0764
CRITICAL
CVSS 9.8
GPT Academic has a second insecure deserialization vulnerability in the upload function (EPSS 1.5%) allowing remote code execution through crafted file uploads.
RCE
Deserialization
AI / ML
Gpt Academic
-
CVE-2026-0763
CRITICAL
CVSS 9.8
GPT Academic has an insecure deserialization in run_in_subprocess_wrapper_func (EPSS 1.7%) enabling remote code execution through crafted subprocess data.
RCE
Deserialization
AI / ML
Gpt Academic
-
CVE-2026-0761
CRITICAL
CVSS 9.8
MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execute arbitrary code through crafted AI agent output processing.
Python
RCE
Code Injection
AI / ML
Metagpt
-
CVE-2026-0760
CRITICAL
CVSS 9.8
MetaGPT by Foundation Agents has an insecure deserialization in deserialize_message (EPSS 1.7%) enabling remote code execution through crafted serialized data in AI agent communications.
RCE
Deserialization
AI / ML
Metagpt
-
CVE-2026-0759
CRITICAL
CVSS 9.8
Katana Network Development Starter Kit has a command injection in executeCommand enabling remote code execution through the development framework.
RCE
Command Injection
AI / ML
-
CVE-2026-0756
CRITICAL
CVSS 9.8
github-kanban-mcp-server has a command injection in execAsync (EPSS 1.0%) enabling remote code execution on developer machines using the GitHub Kanban MCP integration.
Github
RCE
Command Injection
AI / ML
-
CVE-2026-0755
CRITICAL
CVSS 9.8
gemini-mcp-tool has a command injection in execAsync allowing remote code execution on systems using the Gemini AI MCP integration.
RCE
Command Injection
AI / ML
-
CVE-2025-70985
CRITICAL
CVSS 9.1
RuoYi v4.8.2 has an access control flaw in the update function allowing unauthorized attackers to modify arbitrary data in the admin management system.
Authentication Bypass
Ruoyi
-
CVE-2025-70983
CRITICAL
CVSS 9.9
SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through the authentication routing mechanism.
Spring
Java
Privilege Escalation
Authentication Bypass
Springblade
-
CVE-2025-70457
CRITICAL
CVSS 9.8
Sourcecodester Modern Image Gallery App v1.0 has an arbitrary file upload in the gallery endpoint allowing unauthenticated remote code execution.
PHP
RCE
Modern Image Gallery App
-
CVE-2025-67229
CRITICAL
CVSS 9.8
ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to inject malicious code into desktop application builds.
Authentication Bypass
Builder
-
CVE-2025-66719
CRITICAL
CVSS 9.1
Free5gc NRF 1.4.0 has an authorization bypass in access token generation that allows authenticated users to request tokens with broader scope than permitted.
Golang
Nrf
-
CVE-2025-52025
CRITICAL
CVSS 9.4
Aptsys gemscms POS Platform has a SQL injection in the GetServiceByRestaurantID endpoint allowing extraction of restaurant and payment data.
SQLi
Gemscms Backend
-
CVE-2025-52024
CRITICAL
CVSS 9.4
Aptsys POS Platform Web Services module exposes internal API testing endpoints to the public, allowing unauthenticated access to point-of-sale backend systems.
Authentication Bypass
Gemscms Backend
-
CVE-2025-15063
CRITICAL
CVSS 9.8
Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.
RCE
Command Injection
AI / ML
Ollama
-
CVE-2025-15061
CRITICAL
CVSS 9.8
Framelink Figma MCP Server has a command injection vulnerability in fetchWithRetry (EPSS 1.4%) enabling remote code execution on developer machines using the MCP integration.
RCE
Command Injection
AI / ML
-
CVE-2025-4320
CRITICAL
CVSS 10.0
A Birebir product has a CVSS 10.0 authentication bypass caused by a weak password recovery mechanism, allowing complete account takeover without any authentication.
Authentication Bypass
-
CVE-2025-4319
CRITICAL
CVSS 9.4
A product by Birebir has weak authentication with improper rate limiting on login attempts and insecure password recovery, enabling brute-force attacks and account takeover.
Authentication Bypass
-
CVE-2021-47891
CRITICAL
CVSS 9.8
Unified Remote 3.9.0.2463 allows unauthenticated remote code execution by sending crafted network packets to the remote control service.
RCE
-
CVE-2026-24635
HIGH
CVSS 7.5
DevsBlink EduBlink Core through version 2.0.7 contains a local file inclusion vulnerability in its PHP file handling that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters to bypass proper input validation and access sensitive system files. No patch is currently available for this vulnerability.
PHP
Lfi
-
CVE-2026-24624
HIGH
CVSS 7.2
Blind SQL injection in Neoforum version 1.0 and earlier allows high-privileged attackers to execute arbitrary SQL commands over the network without user interaction, potentially compromising data confidentiality and integrity. The vulnerability stems from inadequate sanitization of user inputs in SQL queries, and no patch is currently available.
SQLi
-
CVE-2026-24609
HIGH
CVSS 7.5
The Laurent theme for PHP versions 3.1 and earlier contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files on the affected system. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive data outside the intended application directory. No patch is currently available for this vulnerability.
PHP
Lfi
-
CVE-2026-24608
HIGH
CVSS 7.5
Laurent Core plugin for PHP through version 2.4.1 contains a local file inclusion vulnerability in its filename handling for include/require statements, allowing authenticated attackers to read arbitrary files from the affected system. With a CVSS score of 7.5, this vulnerability enables confidentiality and integrity compromise, though exploitation requires valid credentials and no patch is currently available.
PHP
Lfi
-
CVE-2026-24572
HIGH
CVSS 8.8
Nelio Content versions 4.1.0 and earlier contain a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary database queries over the network. This vulnerability requires valid user credentials but no user interaction, enabling attackers to read, modify, or delete sensitive database contents. No patch is currently available to address this high-severity flaw.
SQLi
-
CVE-2026-24538
HIGH
CVSS 7.6
Omnipress through version 1.6.6 contains a local file inclusion vulnerability in its PHP program that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive files outside the intended directory. This vulnerability requires user interaction but poses significant risk to confidentiality with no available patch at this time.
PHP
Lfi
Information Disclosure
-
CVE-2026-24536
HIGH
CVSS 7.5
Webpushr web push notification plugin versions 4.38.0 and earlier expose sensitive embedded system data to unauthorized parties through an information disclosure vulnerability. An unauthenticated remote attacker can retrieve this sensitive information without user interaction, potentially compromising system configuration details and credentials. No patch is currently available.
Information Disclosure
-
CVE-2026-24534
HIGH
CVSS 8.8
UPress Booter versions up to 1.5.7 contain an authorization bypass in the booter-bots-crawlers-manager component that allows authenticated users to exploit misconfigured access controls and gain unauthorized administrative capabilities. An attacker with low-privilege credentials could achieve complete compromise of the application, including confidentiality, integrity, and availability violations. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24532
HIGH
CVSS 8.8
Incorrect access control in SiteLock Security plugin versions up to 5.0.2 for WordPress allows authenticated users to modify content they should not have permission to access. An attacker with login credentials could exploit misconfigured security levels to bypass authorization checks and alter website data. No patch is currently available.
Authentication Bypass
-
CVE-2026-24524
HIGH
CVSS 8.1
Essekia Tablesome versions up to 1.1.35.2 contain an authorization bypass that allows authenticated attackers to access or modify resources they should not be able to reach, due to misconfigured access controls. The attack needs only network access and low complexity, and can expose sensitive data and allow unauthorized modifications. No patch is currently available, so any authenticated user of an affected installation can exploit it.
Authentication Bypass
-
CVE-2026-24523
HIGH
CVSS 7.5
WP FullCalendar through version 1.6 exposes sensitive system information to unauthenticated remote attackers, allowing them to retrieve embedded data without authentication. The vulnerability affects WordPress installations using the vulnerable plugin and requires no user interaction to exploit. No patch is currently available.
WordPress
-
CVE-2026-24138
HIGH
CVSS 7.5
Unauthenticated Server-Side Request Forgery (SSRF) in FOG 1.5.10.1754 and earlier allows remote attackers to read internal files and access local services by manipulating the url parameter in getversion.php when newService=1 is present. The vulnerability requires no authentication or user interaction and affects the confidentiality of sensitive data accessible from the affected system. No patch is currently available.
PHP
SSRF
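The FOG entry above gives enough detail to hunt for exploitation attempts in web server logs: a request to getversion.php carrying newService=1 and a url parameter that points at something only the server can reach. The following is an added detection example, not code from the FOG project; the log lines are constructed in Apache combined format, the /fog/service/ path prefix is assumed (the check matches on the getversion.php basename only), and the set of "internal" destinations is a reasonable allow/deny policy rather than anything the advisory specifies.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (Apache combined format); not real FOG traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2026:10:01:02 +0000] "GET /fog/service/getversion.php HTTP/1.1" 200 12 "-" "FOG-Client"
203.0.113.9 - - [12/Jan/2026:10:01:03 +0000] "GET /fog/service/getversion.php?newService=1&url=http://127.0.0.1:8080/ HTTP/1.1" 200 512 "-" "curl/8.4"
203.0.113.9 - - [12/Jan/2026:10:01:04 +0000] "GET /fog/service/getversion.php?newService=1&url=file:///etc/passwd HTTP/1.1" 200 1800 "-" "curl/8.4"
203.0.113.9 - - [12/Jan/2026:10:01:05 +0000] "GET /fog/service/getversion.php?newService=1&url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 90 "-" "curl/8.4"
10.0.0.7 - - [12/Jan/2026:10:01:06 +0000] "GET /fog/management/index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# src, timestamp, method, request target, status; the rest of the line is ignored.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_internal_target(url: str) -> bool:
    """True when the url argument reaches something the FOG server can see but a
    remote caller should not: local files via non-HTTP schemes, loopback, RFC1918,
    link-local (cloud metadata) or a bare intranet hostname without a dot."""
    parts = urlsplit(url)
    if parts.scheme in ("file", "gopher", "dict", "ftp"):
        return True
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat "localhost" and dotless names as internal.
        return host == "localhost" or "." not in host
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def find_ssrf_attempts(log_text: str):
    """Return (source_ip, decoded_url) for every getversion.php request that
    carries newService=1 and an internal-looking url parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])  # path-only target: scheme/netloc are empty
        if not target.path.endswith("/getversion.php"):
            continue
        qs = parse_qs(target.query)
        if qs.get("newService", [""])[0] != "1" or "url" not in qs:
            continue
        # parse_qs already decodes once; decode again to catch double-encoding.
        url = unquote(qs["url"][0])
        if is_internal_target(url):
            hits.append((m["src"], url))
    return hits


if __name__ == "__main__":
    for src, url in find_ssrf_attempts(SAMPLE_LOG):
        print(f"possible SSRF from {src}: url={url}")
```

Run against real logs by feeding the file contents to find_ssrf_attempts; the first sample line (a normal client check-in without a url parameter) and the last (an unrelated page) produce no hits, while the three curl requests aimed at loopback, a local file and the cloud metadata address do.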
-
CVE-2026-22995
HIGH
CVSS 7.8
Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.
Linux
Use After Free
Race Condition
Linux Kernel
Redhat
-
CVE-2026-22984
HIGH
CVSS 7.1
A bounds checking vulnerability in the Linux kernel's libceph authentication handler allows local attackers with user privileges to trigger out-of-bounds memory reads, potentially leading to information disclosure or denial of service. The flaw exists in the handle_auth_done() function which fails to properly validate payload length before processing authentication data. A patch is available to address this vulnerability.
Linux
Linux Kernel
Redhat
Suse
-
CVE-2026-22980
HIGH
CVSS 7.8
The Linux kernel NFSv4 grace period handler contains a use-after-free vulnerability in the v4_end_grace function that can be triggered by local attackers with unprivileged access, allowing them to read or modify sensitive kernel memory or cause a denial of service. The vulnerability arises from improper synchronization between the grace period shutdown logic and the NFSv4 client tracking mechanism, which can result in memory being accessed after it has been freed. A patch is available to add proper locking that prevents concurrent access to the vulnerable code path.
Linux
Use After Free
Linux Kernel
Redhat
Suse
-
CVE-2026-22273
HIGH
CVSS 8.8
Privilege escalation in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.2.0.0 stems from hardcoded default credentials in the operating system that a remote authenticated attacker can leverage to gain elevated privileges. An attacker with low-level access can exploit this vulnerability to achieve full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for affected versions.
Information Disclosure
Dell
Objectscale
Elastic Cloud Storage
-
CVE-2026-22271
HIGH
CVSS 7.5
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext transmission of sensitive information.
Information Disclosure
Objectscale
Elastic Cloud Storage
-
CVE-2026-20613
HIGH
CVSS 7.8
Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting archives with relative pathnames. Public exploit code exists for this vulnerability. Fixes are shipped in container 0.8.0 and containerization 0.21.0; earlier releases remain affected. Exploitation requires local access and user interaction, but the issue is rated high because an arbitrary file overwrite can lead to system compromise.
Path Traversal
Containerization
Container
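The container entry above (archive members with relative or absolute pathnames escaping the extraction root) and the EduBlink, Laurent and Omnipress entries earlier on this page (a user-controlled filename reaching include/require) are the same bug class: a path built from untrusted input is never checked against the directory it must stay in. The following is an added example, not code from any of those projects, showing one canonicalise-then-compare check applied to both cases. The archive is constructed in memory, the destination and template directories are hypothetical paths that are never written to, and the policy of rejecting link entries outright is a choice made here rather than anything the advisories prescribe.

```python
import io
import os
import tarfile
from typing import Optional

# Hypothetical directories; nothing is written to them.
IMAGE_ROOT = "/srv/images/root"
THEME_DIR = "/var/www/theme"


def resolve_under(base: str, untrusted: str) -> Optional[str]:
    """Return the canonical path of `untrusted` joined under `base`, or None when
    it escapes: absolute input, '..' segments, or a sibling whose name merely
    starts with the base name ('/var/www/theme2' is not under '/var/www/theme')."""
    base_abs = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_abs, untrusted))
    if candidate == base_abs or candidate.startswith(base_abs + os.sep):
        return candidate
    return None


def safe_include_path(template_dir: str, filename: str) -> Optional[str]:
    """Guard for an include/require filename parameter: stay under the template
    directory and only accept the extension the feature is meant to load."""
    if not filename.endswith(".php"):
        return None
    return resolve_under(template_dir, filename)


def classify_members(archive: bytes, dest: str):
    """Decide, before writing anything, which tar members are safe to extract
    into `dest`. Rejected: names resolving outside dest, plus symlink/hardlink
    entries, whose targets can point anywhere."""
    safe, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for m in tf.getmembers():
            if m.issym() or m.islnk() or resolve_under(dest, m.name) is None:
                rejected.append(m.name)
            else:
                safe.append(m.name)
    return safe, rejected


def build_demo_archive() -> bytes:
    """Constructed archive: one legitimate file, one '..' escape, one absolute
    path and one symlink pointing outside the image root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in [
            ("layer/config.json", b"{}"),
            ("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA..."),
            ("/etc/cron.d/evil", b"* * * * * root id"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("layer/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/shadow"
        tf.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = classify_members(build_demo_archive(), IMAGE_ROOT)
    print("would extract:", ok)
    print("rejected:", bad)
    print("include check:", safe_include_path(THEME_DIR, "../../../../etc/passwd"))
```

Python 3.12's tarfile has a built-in filter='data' extraction mode that rejects the same escapes; the explicit check is kept here so the decision logic is visible and so the same resolve_under helper can serve the include-filename case.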
-
CVE-2026-0994
HIGH
CVSS 8.2
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.
Google
Python
Denial Of Service
-
CVE-2026-0796
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0795
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0790
HIGH
CVSS 7.5
8180 Ip Audio Alerter Firmware versions up to 5.5 contain a vulnerability that allows attackers to disclose sensitive information on affected installations of the ALGO 8180 IP Audio Alerter.
Golang
Information Disclosure
8180 Ip Audio Alerter Firmware
-
CVE-2026-0789
HIGH
CVSS 7.5
The ALGO 8180 IP Audio Alerter web interface improperly exposes authentication cookies in HTTP response bodies, enabling unauthenticated remote attackers to steal sensitive credentials and gain unauthorized access to affected devices. This information disclosure vulnerability requires no authentication or user interaction to exploit and affects the device's web-based management interface. No patch is currently available for this vulnerability.
Golang
Information Disclosure
8180 Ip Audio Alerter Firmware
-
CVE-2026-0786
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0785
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch; its EPSS score of 0.8% indicates a low predicted likelihood of exploitation in the wild over the next 30 days.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0784
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0783
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0782
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0781
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0780
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0779
HIGH
CVSS 8.8
Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.
Golang
RCE
Command Injection
8180 Ip Audio Alerter Firmware
-
CVE-2026-0778
HIGH
CVSS 8.8
Unauthenticated remote code execution in Enel X JuiceBox 40 charging stations via an exposed Telnet service on TCP port 2000 allows network-adjacent attackers to execute arbitrary commands without credentials. The vulnerability affects all JuiceBox 40 installations, and injected commands run with service account privileges, enabling full system compromise. No patch is currently available.
RCE
-
CVE-2026-0776
HIGH
CVSS 7.3
Discord Client's discord_rpc module improperly loads files from an unsecured search path, enabling local attackers with low-privilege code execution to escalate privileges and run arbitrary code with elevated user context. This vulnerability requires prior local code execution capability and affects systems running vulnerable Discord Client installations. No patch is currently available.
Privilege Escalation
-
CVE-2026-0775
HIGH
CVSS 7.0
npm cli contains an insecure module loading mechanism that enables local privilege escalation on Node.js installations. An attacker with low-privileged code execution can exploit this flaw to gain elevated privileges and execute arbitrary code with target user permissions. No patch is currently available for this vulnerability.
Node.js
Privilege Escalation
Redhat
Suse
-
CVE-2026-0774
HIGH
CVSS 8.8
WatchYourLAN's configuration page is vulnerable to argument injection through improper validation of the arpstrs parameter, enabling unauthenticated network-adjacent attackers to execute arbitrary code with service account privileges. The vulnerability stems from insufficient input sanitization before system command execution and currently lacks an available patch. An attacker on the same network can exploit this without authentication to achieve complete system compromise.
RCE
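The WatchYourLAN entry above describes argument injection (a value that is a legitimate-looking token but is parsed by the invoked program as an option), and the github-kanban, gemini-mcp-tool, Ollama MCP Server and Figma MCP entries earlier on this page describe the closely related command injection through an execAsync-style shell call. The following is an added example, not code from any of those projects (they are Go and Node; Python is used here because the pattern is identical), contrasting the two vulnerable ways of building a scanner command line with a hardened one. The arp-scan invocation, the option names and the assumption that arpstrs is passed straight through as scanner arguments are all hypothetical; nothing below executes the scanner.

```python
import re
import shlex

# Hypothetical scanner program standing in for whatever the product calls.
SCANNER = "arp-scan"


# --- vulnerable patterns ------------------------------------------------

def build_cmdline_shell(arpstrs: str) -> str:
    """String concatenation run through a shell (shell=True / child_process.exec):
    ';', '|', '$()' and backticks in arpstrs become separate commands."""
    return f"{SCANNER} {arpstrs}"


def build_argv_split(arpstrs: str) -> list:
    """Tokenising into argv defeats shell metacharacters but still lets the
    caller supply scanner options, e.g. a --file= or --localnet flag that the
    scanner honours: argument injection."""
    return [SCANNER, *shlex.split(arpstrs)]


def user_option_tokens(arpstrs: str) -> list:
    """Tokens of the user-controlled string that a getopt-style parser would
    treat as options rather than targets."""
    return [t for t in shlex.split(arpstrs) if t.startswith("-")]


# --- hardened pattern ---------------------------------------------------

IFACE_RE = re.compile(r"^[a-z][a-z0-9._-]{0,14}$")          # e.g. eth0, en0, br-lan
TARGET_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?$")  # IPv4 or IPv4/CIDR


def build_argv_hardened(iface: str, targets: list) -> list:
    """Validate each user value against the exact shape it must have, then place
    it behind a fixed option set and a '--' separator so it can never be read as
    an option even if the validator is loosened later."""
    if not IFACE_RE.match(iface):
        raise ValueError(f"bad interface name: {iface!r}")
    for t in targets:
        if not TARGET_RE.match(t):
            raise ValueError(f"bad scan target: {t!r}")
    return [SCANNER, "--interface", iface, "--", *targets]


def is_accepted(iface: str, targets: list) -> bool:
    try:
        build_argv_hardened(iface, targets)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    hostile = "192.168.1.0/24 --file=/etc/shadow"
    print(build_cmdline_shell("192.168.1.0/24; id"))        # shell injection
    print(build_argv_split(hostile))                        # argument injection
    print(user_option_tokens(hostile))                      # ['--file=/etc/shadow']
    print(build_argv_hardened("eth0", ["192.168.1.0/24"]))  # fixed shape only
```

Note that the second vulnerable form is the one teams usually reach for after a shell-injection report, and it is still exploitable whenever the target program accepts options that read or write files; the fix is positive validation of each value plus the '--' separator, not escaping.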
-
CVE-2026-0772
HIGH
CVSS 7.5
Remote code execution in Langflow's disk cache service allows authenticated attackers to execute arbitrary code by exploiting improper deserialization of untrusted data. The vulnerability affects Langflow installations and requires valid authentication credentials to exploit, enabling attackers to gain code execution within the service account context. No patch is currently available.
RCE
Deserialization
AI / ML
Langflow
-
CVE-2026-0771
HIGH
CVSS 7.1
Langflow's PythonFunction component allows authenticated attackers with user interaction to inject and execute arbitrary Python code within application workflows, achieving remote code execution. The vulnerability affects Langflow deployments using Python-based AI/ML components, with exploitation feasibility depending on specific product configurations. No patch is currently available.
Python
RCE
Code Injection
AI / ML
Langflow
-
CVE-2026-0766
HIGH
CVSS 8.8
Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.
Python
RCE
Command Injection
AI / ML
Open Webui
-
CVE-2026-0765
HIGH
CVSS 8.8
Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.
RCE
Command Injection
AI / ML
Open Webui
-
CVE-2026-0762
HIGH
CVSS 8.1
Remote code execution in GPT Academic's stream_daas function results from improper deserialization of untrusted data when communicating with external servers, allowing unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability requires interaction with a malicious DAAS server and currently has no available patch. Organizations using GPT Academic should implement network controls to restrict connections to untrusted DAAS services until patching is available.
RCE
Deserialization
AI / ML
Gpt Academic
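The GPT Academic entry above, together with the Upsonic (cloudpickle), GPT Academic upload and run_in_subprocess_wrapper_func, MetaGPT deserialize_message and Langflow disk cache entries earlier on this page, all come down to one primitive: bytes from an untrusted source are handed to pickle.loads (cloudpickle loads with the standard unpickler), and the pickle stream can name any importable callable to invoke. The following is an added example, not code from any of those projects, that builds a constructed malicious pickle, shows the naive load actually invoking the named function, and shows a restricted unpickler refusing it. The callable used here is os.getcwd so the demonstration is harmless; the allow-list contents are an illustrative choice.

```python
import io
import os
import pickle


class Payload:
    """Constructed demo object. Its __reduce__ tells pickle to emit a stream that,
    on load, calls os.getcwd() with no arguments. An attacker substitutes
    os.system or subprocess.Popen and a command of their choosing."""

    def __reduce__(self):
        return (os.getcwd, ())


def build_malicious_pickle() -> bytes:
    return pickle.dumps(Payload())


def naive_load(data: bytes):
    """The pattern the advisories describe: untrusted bytes straight into
    pickle.loads. Whatever global the stream names gets called."""
    return pickle.loads(data)


# Only plain data containers may be resolved by name; no os, subprocess, builtins.eval ...
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "str"),
    ("builtins", "int"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_benign():
    """Plain data needs no global lookups, so it passes the restricted loader."""
    return safe_load(pickle.dumps({"a": 1, "b": [1, 2]}))


def demo():
    """Returns (naive loader ran the attacker's callable, restricted loader blocked it)."""
    mal = build_malicious_pickle()
    executed = naive_load(mal) == os.getcwd()   # the REDUCE opcode called os.getcwd()
    try:
        safe_load(mal)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return executed, blocked


if __name__ == "__main__":
    print("naive loader executed callable, restricted loader blocked:", demo())
```

An allow-list unpickler is a containment measure, not a cure: the right fix for agent messages, cache entries and uploads is a schema-checked format such as JSON, and the pickle path should only remain for data the service itself produced and signed.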
-
CVE-2026-0758
HIGH
CVSS 7.8
mcp-server-siri-shortcuts fails to validate the shortcutName parameter before using it in system calls, enabling local attackers with low-privileged code execution to inject arbitrary commands and escalate to service account privileges. This command injection vulnerability affects the AI/ML tool and currently lacks a patch; an attacker exploiting it can execute arbitrary code with elevated privileges on the affected system.
Privilege Escalation
Command Injection
AI / ML
-
CVE-2026-0757
HIGH
CVSS 8.8
MCP Manager for Claude Desktop is vulnerable to command injection through improperly validated MCP config objects, enabling remote attackers to escape the sandbox and execute arbitrary code on affected systems. The vulnerability requires user interaction such as visiting a malicious page or opening a malicious file, and currently lacks an available patch. An attacker can leverage this flaw to achieve code execution with medium integrity privileges in the context of the running process.
Command Injection
AI / ML
-
CVE-2026-0710
HIGH
CVSS 8.4
SIPp is vulnerable to a NULL pointer dereference that can be triggered by remote attackers sending malicious SIP messages during active calls, resulting in application crashes and denial of service. Under certain conditions, this vulnerability may also enable arbitrary code execution, potentially compromising system integrity and availability. No patch is currently available.
Null Pointer Dereference
Denial Of Service
Suse
-
CVE-2026-0603
HIGH
CVSS 8.3
Hibernate's InlineIdsOrClauseBuilder is vulnerable to second-order SQL injection when processing non-alphanumeric characters in ID columns, allowing authenticated attackers to read sensitive data, modify database contents, or cause denial of service. The vulnerability requires low privileges and network access with no user interaction, making it exploitable by remote attackers with valid credentials. No patch is currently available.
SQLi
Denial Of Service
Information Disclosure
Redhat
-
CVE-2025-71159
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
Previously, btrfs_get_or_create_delayed_node() set the delayed_node's
refcount before acquiring the root->delayed_nodes lock. [CVSS 7.8 HIGH]
Linux
Use After Free
Linux Kernel
Redhat
Suse
-
CVE-2025-71157
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: always drop device refcount in ib_del_sub_device_and_put()
Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add
support to add/delete a sub IB device through netlink") grabs a reference
using ib_device_get_by_index() before calling ib_del_sub_device_and_put(),
we need to drop that reference before returning -EOPNOTSUPP error. [CVSS 7.8 HIGH]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71156
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
gve: defer interrupt enabling until NAPI registration
Currently, interrupts are automatically enabled immediately upon
request. [CVSS 7.8 HIGH]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71155
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: Fix gmap_helper_zap_one_page() again
A few checks were missing in gmap_helper_zap_one_page(), which can lead
to memory corruption in the guest under specific circumstances. Add the missing checks. [CVSS 7.8 HIGH]
Linux
Memory Corruption
Linux Kernel
Redhat
Suse
-
CVE-2025-71152
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: properly keep track of conduit reference
Problem description
-------------------
DSA has a mumbo-jumbo of reference handling of the conduit net device
and its kobject which, sadly, is just wrong and doesn't make sense. [CVSS 7.8 HIGH]
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71145
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
usb: phy: isp1301: fix non-OF device reference imbalance
A recent change fixing a device reference leak in a UDC driver
introduced a potential use-after-free in the non-OF case as the
isp1301_get_client() helper only increases the reference count for the
returned I2C device in the OF case. [CVSS 7.8 HIGH]
Linux
Use After Free
Linux Kernel
Redhat
Suse
-
CVE-2025-70986
HIGH
CVSS 7.5
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. [CVSS 7.5 HIGH]
Authentication Bypass
Ruoyi
-
CVE-2025-69908
HIGH
CVSS 7.5
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource. [CVSS 7.5 HIGH]
Information Disclosure
Omniapp
-
CVE-2025-69907
HIGH
CVSS 7.5
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. [CVSS 7.5 HIGH]
Information Disclosure
-
CVE-2025-67847
HIGH
CVSS 8.8
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. [CVSS 8.8 HIGH]
Moodle
-
CVE-2025-67264
HIGH
CVSS 7.8
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]
Command Injection
Note59 Pro Firmware
Note59 Firmware
-
CVE-2025-67230
HIGH
CVSS 7.1
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation. [CVSS 7.1 HIGH]
Privilege Escalation
Builder
-
CVE-2025-66720
HIGH
CVSS 7.5
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId. [CVSS 7.5 HIGH]
Golang
Null Pointer Dereference
Pcf
-
CVE-2025-52026
HIGH
CVSS 7.5
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. [CVSS 7.5 HIGH]
Information Disclosure
Gemscms Backend
-
CVE-2025-15351
HIGH
CVSS 7.8
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]
RCE
Deserialization
Vectorstar
-
CVE-2025-15350
HIGH
CVSS 7.8
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]
RCE
Deserialization
Vectorstar
-
CVE-2025-15349
HIGH
CVSS 7.5
Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]
RCE
Race Condition
Shockline
-
CVE-2025-15348
HIGH
CVSS 7.8
Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.8 HIGH]
RCE
Deserialization
Shockline
-
CVE-2025-15062
HIGH
CVSS 7.8
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...
RCE
Use After Free
-
CVE-2025-15059
HIGH
CVSS 7.8
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. [CVSS 7.8 HIGH]
RCE
Buffer Overflow
Heap Overflow
Gimp
Redhat
-
CVE-2025-14866
HIGH
CVSS 8.8
Melapress Role Editor (WordPress plugin) versions up to 1.1.1 are affected by incorrect authorization (CVSS 8.8).
WordPress
Privilege Escalation
PHP
-
CVE-2025-11002
HIGH
CVSS 7.8
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]
RCE
Path Traversal
7 Zip
Suse
-
CVE-2025-3839
HIGH
CVSS 8.0
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. [CVSS 8.0 HIGH]
RCE
Suse
-
CVE-2024-11976
HIGH
CVSS 7.3
The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. [CVSS 7.3 HIGH]
WordPress
-
CVE-2021-47904
HIGH
CVSS 8.8
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. [CVSS 8.8 HIGH]
PHP
RCE
-
CVE-2021-47903
HIGH
CVSS 8.8
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]
RCE
Path Traversal
Command Injection
-
CVE-2021-47898
HIGH
CVSS 7.8
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access. [CVSS 7.8 HIGH]
Information Disclosure
-
CVE-2021-47897
HIGH
CVSS 7.2
The address parameter of the change_params.php script is affected by cross-site scripting (XSS): attackers can inject malicious JavaScript payloads (CVSS 7.2).
PHP
XSS
-
CVE-2021-47896
HIGH
CVSS 7.8
pdfcDispatcher service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47895
HIGH
CVSS 7.5
Nsauditor versions up to 3.2.2.0 are affected by allocation of resources without limits or throttling (CVSS 7.5).
Denial Of Service
Nsauditor
-
CVE-2021-47894
HIGH
CVSS 7.5
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. [CVSS 7.5 HIGH]
Snmp
Denial Of Service
-
CVE-2021-47893
HIGH
CVSS 7.5
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2021-47892
HIGH
CVSS 7.2
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. [CVSS 7.2 HIGH]
XSS
-
CVE-2021-47890
HIGH
CVSS 7.8
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup. [CVSS 7.8 HIGH]
Information Disclosure
-
CVE-2021-47889
HIGH
CVSS 7.8
SoftrosSpellChecker service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
RCE
-
CVE-2021-47888
HIGH
CVSS 8.8
Textpattern versions up to 4.8.3 are affected by unrestricted upload of file with dangerous type (CVSS 8.8).
PHP
RCE
-
CVE-2021-47881
HIGH
CVSS 8.4
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. [CVSS 8.4 HIGH]
Windows
Industrial
Buffer Overflow
-
CVE-2026-24636
MEDIUM
CVSS 4.3
Improper access control in Sugar Calendar (Lite) through version 3.10.1 enables authenticated users to access calendar data and functionality beyond their authorized permission level. An attacker with valid login credentials can exploit misconfigured access controls to view sensitive information from other users' calendars. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24634
MEDIUM
CVSS 5.3
Rustaurius Ultimate Reviews ultimate-reviews is affected by authorization bypass through user-controlled key (CVSS 5.3).
Authentication Bypass
-
CVE-2026-24633
MEDIUM
CVSS 5.3
The Add Expires Headers & Optimized Minify plugin through version 3.1.0 contains a missing authorization flaw that permits unauthenticated attackers to bypass access control restrictions and read sensitive information. This vulnerability affects all installations of the plugin up to the patched version and could allow attackers to view confidential data through network access without authentication. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24632
MEDIUM
CVSS 5.9
DOM-based cross-site scripting (XSS) in the Delay Redirects browser extension through version 1.0.0 enables attackers to inject malicious scripts that execute in users' browsers. An attacker can exploit this vulnerability to steal sensitive data, session cookies, or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24631
MEDIUM
CVSS 5.4
Mikado-Themes Rosebud rosebud is affected by authorization bypass through user-controlled key (CVSS 5.4).
Authentication Bypass
-
CVE-2026-24630
MEDIUM
CVSS 6.5
Design Stylish Cost Calculator stylish-cost-calculator is affected by cross-site scripting (xss) (CVSS 6.5).
XSS
-
CVE-2026-24629
MEDIUM
CVSS 5.9
Stored cross-site scripting in Ability Inc's Web Accessibility with Max Access toolbar (versions through 2.1.0) enables authenticated users with high privileges to inject malicious scripts that execute in other users' browsers. An attacker with administrative access could manipulate the toolbar to store XSS payloads that compromise confidentiality, integrity, and availability of the affected web application. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24627
MEDIUM
CVSS 4.3
The Trusona WordPress plugin version 2.0.0 and earlier contains an authorization bypass that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized information disclosure. An attacker with valid WordPress credentials could leverage this vulnerability to access sensitive data they should not have permission to view. No patch is currently available for this vulnerability.
WordPress
-
CVE-2026-24626
MEDIUM
CVSS 5.9
Stored cross-site scripting in LogicHunt Logo Slider WordPress plugin versions up to 4.9.0 enables authenticated attackers with high privileges to inject malicious scripts that execute in other users' browsers. An attacker could leverage this to steal session tokens, deface content, or perform actions on behalf of affected users. No patch is currently available.
Golang
XSS
-
CVE-2026-24625
MEDIUM
CVSS 5.3
Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads is affected by missing authorization (CVSS 5.3).
WordPress
-
CVE-2026-24623
MEDIUM
CVSS 6.5
Reflected cross-site scripting (XSS) in Neoforum version 1.0 and earlier allows authenticated attackers to inject malicious scripts that execute in users' browsers when they interact with crafted links, potentially leading to session hijacking or credential theft. The vulnerability requires user interaction and authenticated access, limiting its immediate impact but still posing a risk in multi-user forum environments. No patch is currently available.
XSS
-
CVE-2026-24622
MEDIUM
CVSS 5.4
Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit is affected by missing authorization (CVSS 5.4).
Authentication Bypass
-
CVE-2026-24621
MEDIUM
CVSS 4.8
Vladimir Statsenko Terms descriptions terms-descriptions is affected by cross-site scripting (xss) (CVSS 4.8).
XSS
-
CVE-2026-24620
MEDIUM
CVSS 5.9
PluginOps Landing Page Builder page-builder-add is affected by cross-site scripting (xss) (CVSS 5.9).
XSS
-
CVE-2026-24619
MEDIUM
CVSS 5.3
PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool is affected by missing authorization (CVSS 5.3).
Dotnet
-
CVE-2026-24617
MEDIUM
CVSS 6.5
Stored XSS in Easy Modal WordPress plugin through version 2.1.0 enables authenticated attackers to inject malicious scripts that execute in the browsers of other users. An attacker with login credentials can store arbitrary JavaScript through improper input validation, affecting all visitors who view the compromised content. No patch is currently available to remediate this vulnerability.
XSS
-
CVE-2026-24616
MEDIUM
CVSS 6.5
Damian WP Popups plugin for WordPress versions up to 2.2.0.3 contains an authorization bypass that allows authenticated users to access sensitive information through improperly configured access controls. An attacker with low-privilege WordPress credentials could exploit this to read confidential data without proper authorization. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24615
MEDIUM
CVSS 5.3
Cream Magazine versions up to 2.1.10 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to access restricted functionality through misconfigured access control settings. The vulnerability exposes sensitive information with no authentication or user interaction required, affecting all installations running the vulnerable versions. No patch is currently available for this issue.
Authentication Bypass
-
CVE-2026-24614
MEDIUM
CVSS 5.9
Devsbrain Flex QR Code Generator flex-qr-code-generator is affected by cross-site scripting (xss) (CVSS 5.9).
XSS
-
CVE-2026-24613
MEDIUM
CVSS 5.3
Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart is affected by missing authorization (CVSS 5.3).
Authentication Bypass
-
CVE-2026-24612
MEDIUM
CVSS 5.3
Orchid Store versions up to 1.5.15 contain an authorization bypass that allows unauthenticated remote attackers to access sensitive information due to improperly configured access controls. This vulnerability enables unauthorized users to read restricted data without requiring authentication or user interaction. No patch is currently available.
Authentication Bypass
-
CVE-2026-24607
MEDIUM
CVSS 5.3
Unauthorized access in Travel Monster WordPress plugin versions up to 1.3.3 results from improper access control configuration, allowing unauthenticated attackers to gain limited information disclosure. The vulnerability affects all installations of the affected plugin versions and currently has no available patch.
Authentication Bypass
-
CVE-2026-24606
MEDIUM
CVSS 5.3
The Bayarcash WooCommerce plugin for WordPress (versions up to 4.3.11) contains an authorization bypass that allows unauthenticated attackers to exploit misconfigured access controls and gain unauthorized information disclosure. An attacker can leverage this missing authorization check over the network without authentication to access sensitive data. This vulnerability affects WordPress installations using the vulnerable plugin versions and has a CVSS score of 5.3.
WordPress
Authentication Bypass
-
CVE-2026-24605
MEDIUM
CVSS 4.3
Inadequate access control in X Addons for Elementor up to version 1.0.23 permits authenticated users to bypass authorization checks and access restricted functionality. An attacker with valid credentials can exploit misconfigured security levels to gain unauthorized access to sensitive features or data. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24604
MEDIUM
CVSS 5.3
themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance is affected by missing authorization (CVSS 5.3).
Authentication Bypass
-
CVE-2026-24603
MEDIUM
CVSS 5.3
themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager is affected by missing authorization (CVSS 5.3).
-
CVE-2026-24601
MEDIUM
CVSS 5.4
Stored XSS in Penci Pay Writer versions up to 1.5 allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising sensitive data or session information. The vulnerability stems from insufficient input validation during web page generation and requires user interaction to trigger. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24600
MEDIUM
CVSS 5.4
Stored cross-site scripting in PenciDesign Penci Review through version 3.5 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising user sessions and data. The vulnerability requires user interaction to trigger and affects the web application's page generation functionality. No patch is currently available.
XSS
-
CVE-2026-24599
MEDIUM
CVSS 5.3
XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite is affected by authorization bypass through user-controlled key (CVSS 5.3).
Authentication Bypass
-
CVE-2026-24598
MEDIUM
CVSS 4.3
bestwebsoft Multilanguage by BestWebSoft multilanguage is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24596
MEDIUM
CVSS 4.7
marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails is affected by cross-site request forgery (csrf) (CVSS 4.7).
WordPress
CSRF
-
CVE-2026-24595
MEDIUM
CVSS 5.4
Zoho CRM Lead Magnet versions up to 1.8.1.5 suffer from improper access control that allows authenticated users to perform unauthorized actions on resources they should not have access to. An attacker with valid credentials could exploit misconfigured security levels to read or modify sensitive lead data without proper authorization. No patch is currently available for this medium-severity vulnerability.
Authentication Bypass
-
CVE-2026-24594
MEDIUM
CVSS 4.8
livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer is affected by cross-site scripting (xss) (CVSS 4.8).
XSS
-
CVE-2026-24593
MEDIUM
CVSS 5.3
Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin contains a security vulnerability (CVSS 5.3).
WordPress
-
CVE-2026-24591
MEDIUM
CVSS 5.4
yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion is affected by cross-site scripting (xss) (CVSS 5.4).
XSS
-
CVE-2026-24589
MEDIUM
CVSS 5.3
Cargus eCommerce versions 1.5.8 and earlier expose sensitive data in outbound communications due to improper information handling, allowing remote unauthenticated attackers to retrieve embedded sensitive information. The vulnerability requires no user interaction and carries a CVSS score of 5.3, though no patch is currently available.
Information Disclosure
-
CVE-2026-24588
MEDIUM
CVSS 4.3
Authenticated users can bypass access controls in topdevs Smart Product Viewer through version 1.5.4 to access resources they should not have permission to view. This missing authorization check allows low-privileged attackers to gain unauthorized read access to sensitive information without requiring any user interaction. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24587
MEDIUM
CVSS 5.4
The AJAX Hits Counter + Popular Posts Widget plugin through version 0.10.210305 contains an authorization bypass flaw that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level credentials can perform actions beyond their assigned permissions without user interaction. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24585
MEDIUM
CVSS 6.5
Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration is affected by missing authorization (CVSS 6.5).
WordPress
-
CVE-2026-24584
MEDIUM
CVSS 5.9
Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration is affected by cross-site scripting (xss) (CVSS 5.9).
XSS
-
CVE-2026-24583
MEDIUM
CVSS 5.3
sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce is affected by missing authorization (CVSS 5.3).
WordPress
-
CVE-2026-24581
MEDIUM
CVSS 5.4
WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce is affected by missing authorization (CVSS 5.4).
WordPress
-
CVE-2026-24580
MEDIUM
CVSS 4.3
Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24579
MEDIUM
CVSS 4.3
WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp is affected by missing authorization (CVSS 4.3).
Authentication Bypass
WordPress
AI / ML
-
CVE-2026-24578
MEDIUM
CVSS 4.3
Jahid Hasan Admin login URL Change admin-login-url-change is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24577
MEDIUM
CVSS 5.3
Genetech Products Pie Register through version 3.8.4.7 contains an authorization bypass that allows unauthenticated remote attackers to access sensitive information due to improperly configured access controls. The vulnerability enables information disclosure without requiring user interaction or special network conditions. No patch is currently available for this medium-severity issue.
Authentication Bypass
-
CVE-2026-24576
MEDIUM
CVSS 5.4
COP UX Flat through version 5.4.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into web pages, affecting all users who view the compromised content. An attacker with user-level access can craft malicious input that persists in the application and executes in victims' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24571
MEDIUM
CVSS 4.3
Improper access control in BOX NOW Delivery versions up to 3.0.2 enables authenticated attackers to read sensitive information by bypassing authorization checks. An attacker with valid credentials could exploit misconfigured security levels to access data they are not authorized to view, resulting in confidential information disclosure.
Authentication Bypass
-
CVE-2026-24570
MEDIUM
CVSS 5.4
Edwiser Bridge versions 4.3.2 and earlier contain an access control flaw that allows authenticated users to perform unauthorized actions due to improperly configured security levels. An attacker with valid credentials could exploit this vulnerability to gain unintended access to sensitive functions or data. No patch is currently available for this MEDIUM severity vulnerability.
Authentication Bypass
-
CVE-2026-24569
MEDIUM
CVSS 4.3
Sully Media Library File Size media-library-file-size is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24568
MEDIUM
CVSS 5.3
WP Travel plugin versions 11.0.0 and earlier contain an access control bypass that allows unauthenticated remote attackers to view sensitive information due to improperly configured authorization checks. An attacker can exploit this vulnerability to access restricted data without proper credentials. A patch is not currently available for affected WordPress installations.
Authentication Bypass
-
CVE-2026-24567
MEDIUM
CVSS 4.3
briarinc Anything Order by Terms anything-order-by-terms is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24566
MEDIUM
CVSS 6.5
iNET Webkit through version 1.2.4 contains a missing authorization control vulnerability that allows authenticated users to bypass access control restrictions and gain unauthorized read access to sensitive information. An attacker with valid credentials could exploit improperly configured security levels to access data they should not have permission to view. No patch is currently available for this vulnerability.
-
CVE-2026-24565
MEDIUM
CVSS 6.5
The B Accordion WordPress plugin through version 2.0.0 exposes sensitive data in transmitted communications due to improper handling of embedded information. An authenticated attacker can intercept and retrieve this sensitive data, potentially compromising confidential information. No patch is currently available for this vulnerability.
Information Disclosure
-
CVE-2026-24564
MEDIUM
CVSS 4.3
Improper HTML tag sanitization in Israpil Textmetrics webtexttool versions up to 3.6.3 enables stored XSS attacks that allow authenticated users with high privileges to inject malicious scripts and compromise data confidentiality and integrity. An attacker with administrative access could inject code through web forms that executes in other users' browsers, potentially leading to session hijacking or credential theft. No patch is currently available for affected industrial deployments.
XSS
-
CVE-2026-24563
MEDIUM
CVSS 4.3
LifePress through version 2.1.3 contains an authorization bypass that allows authenticated users to access resources beyond their assigned permission levels. An attacker with valid credentials can exploit misconfigured access controls to read sensitive information they should not have access to. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24562
MEDIUM
CVSS 5.3
The Ryviu product reviews plugin for WordPress versions 3.1.26 and earlier contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improperly configured access controls. This could enable attackers to manipulate product reviews or other protected functionality without proper authentication. No patch is currently available for this vulnerability.
WordPress
-
CVE-2026-24561
MEDIUM
CVSS 5.4
Improper access control in FluentBoards through version 1.91.1 allows authenticated users to bypass authorization checks and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured security levels to view or modify data they should not have permission to access. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24560
MEDIUM
CVSS 5.4
Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn is affected by missing authorization (CVSS 5.4).
Authentication Bypass
-
CVE-2026-24559
MEDIUM
CVSS 5.4
CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot contains a security vulnerability (CVSS 5.4).
Information Disclosure
-
CVE-2026-24558
MEDIUM
CVSS 5.4
Stored XSS in ABG Rich Pins version 1.1 and earlier permits authenticated users to inject malicious scripts that execute in other users' browsers when viewing affected pages. An attacker with plugin access could deface content or steal session data from site visitors. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24557
MEDIUM
CVSS 5.3
WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension contains a security vulnerability (CVSS 5.3).
Information Disclosure
-
CVE-2026-24556
MEDIUM
CVSS 5.3
Missing authorization controls in ElementCamp plugin versions through 2.3.2 permit unauthenticated attackers to bypass access restrictions and gain unauthorized access to sensitive functionality. The improper access control implementation allows remote exploitation without authentication or user interaction, potentially exposing protected features and data to unauthorized users. No patch is currently available.
Authentication Bypass
-
CVE-2026-24555
MEDIUM
CVSS 6.1
Stored cross-site scripting in ArtPlacer Widget versions 2.23.1 and earlier enables attackers to inject malicious scripts that execute in users' browsers when viewing affected web pages. An unauthenticated attacker can exploit improper input validation during web page generation to compromise user sessions and steal sensitive data. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24553
MEDIUM
CVSS 4.3
Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers contains a security vulnerability (CVSS 4.3).
WordPress
Information Disclosure
-
CVE-2026-24551
MEDIUM
CVSS 5.4
The Monetag Official Plugin for WordPress versions up to 1.1.3 contains an authorization bypass that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level user privileges can bypass permission checks to read or modify restricted data without proper authorization. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24550
MEDIUM
CVSS 5.4
Stored Cross-Site Scripting (XSS) in Kaira Blockons versions up to 1.2.15 enables authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially compromising session tokens or performing actions on their behalf. The vulnerability requires user interaction to trigger and has limited scope, but impacts both confidentiality and integrity. No patch is currently available.
XSS
-
CVE-2026-24549
MEDIUM
CVSS 4.3
GeoDirectory versions before 2.8.150 are vulnerable to cross-site request forgery attacks that could allow an attacker to perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction to exploit and can result in integrity violations, though no patch is currently available.
CSRF
-
CVE-2026-24548
MEDIUM
CVSS 5.3
Prince Radio Player versions 2.0.91 and earlier are vulnerable to Server-Side Request Forgery (SSRF), enabling unauthenticated remote attackers to make arbitrary requests from the affected server. This could allow attackers to access internal resources, scan internal networks, or interact with backend services that should not be directly accessible.
SSRF
-
CVE-2026-24544
MEDIUM
CVSS 4.3
Harmonic Design HD Quiz versions up to 2.0.9 contain an access control vulnerability that allows authenticated users to read sensitive information by exploiting misconfigured security levels. An attacker with valid credentials can bypass authorization checks to access data they should not have permission to view. No patch is currently available for this issue.
Authentication Bypass
-
CVE-2026-24543
MEDIUM
CVSS 4.3
Horea Radu Materialis Companion materialis-companion is affected by missing authorization (CVSS 4.3).
Authentication Bypass
-
CVE-2026-24542
MEDIUM
CVSS 4.3
John James Jacoby WP Term Order wp-term-order is affected by cross-site request forgery (csrf) (CVSS 4.3).
WordPress
CSRF
-
CVE-2026-24541
MEDIUM
CVSS 5.3
Download After Email versions 2.1.9 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to bypass access control restrictions and gain unauthorized access to sensitive functionality. The vulnerability stems from improper validation of user permissions, enabling attackers on the network to read restricted information without authentication. No patch is currently available for this issue.
Authentication Bypass
-
CVE-2026-24540
MEDIUM
CVSS 5.4
Prince Integrate Google Drive integrate-google-drive is affected by missing authorization (CVSS 5.4).
Google
Authentication Bypass
-
CVE-2026-24539
MEDIUM
CVSS 5.3
ABCdatos Protección de datos – RGPD plugin version 0.68 and earlier contains a missing authorization vulnerability that allows unauthenticated remote attackers to bypass access controls and gain unauthorized information disclosure. The misconfigured access control security levels permit exploitation without authentication or user interaction, affecting all users of the vulnerable plugin versions. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-24535
MEDIUM
CVSS 4.3
webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos is affected by missing authorization (CVSS 4.3).
-
CVE-2026-24530
MEDIUM
CVSS 5.3
sheepfish WebP Conversion version 2.1 and earlier contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the webp-conversion component and has a low exploitability score with no patch currently available.
Authentication Bypass
-
CVE-2026-24529
MEDIUM
CVSS 5.3
Alejandro Quick Restaurant Reservations quick-restaurant-reservations is affected by missing authorization (CVSS 5.3).
Authentication Bypass
-
CVE-2026-24528
MEDIUM
CVSS 6.5
DOM-based cross-site scripting in pixelgrade Nova Blocks through version 2.1.9 enables authenticated attackers to inject malicious scripts that execute in users' browsers with limited privileges. An attacker with valid credentials can craft requests to manipulate the page generation process, potentially compromising confidentiality, integrity, and availability across different security contexts. No patch is currently available for this vulnerability.
XSS
-
CVE-2026-24526
MEDIUM
CVSS 6.5
The Email Inquiry & Cart Options for WooCommerce plugin through version 3.4.3 contains a DOM-based cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting improper input neutralization. An attacker with user-level access can craft requests that execute arbitrary JavaScript in victims' browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available for this vulnerability.
WordPress
XSS
-
CVE-2026-24525
MEDIUM
CVSS 5.3
CloudPanel CLP Varnish Cache versions 1.0.2 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify cache content through improperly configured access controls. This could enable cache poisoning attacks or manipulation of cached responses affecting all users accessing the affected service.
Authentication Bypass
-
CVE-2026-24522
MEDIUM
CVSS 4.3
Insufficient access control in MyThemeShop WP Subscribe plugin through version 1.2.16 allows authenticated attackers to bypass authorization checks and gain unauthorized access to sensitive information. An attacker with a user account can exploit misconfigured security levels to view data they should not have permission to access. No patch is currently available.
WordPress
-
CVE-2026-24521
MEDIUM
CVSS 4.3
Timur Kamaev Kama Thumbnail kama-thumbnail is affected by cross-site request forgery (csrf) (CVSS 4.3).
CSRF
-
CVE-2026-24137
MEDIUM
CVSS 5.8
The Golang sigstore framework versions 1.10.3 and below fail to validate cache directory paths in the legacy TUF client, allowing a malicious TUF repository to overwrite arbitrary files on disk within the calling process's permission scope. This impacts direct users of the TUF client in sigstore/sigstore and older Cosign versions, though public Sigstore deployments are protected by metadata validation from trusted collaborators. No patch is currently available for this medium-severity path traversal vulnerability.
Golang
Github
Redhat
Suse
-
CVE-2026-24127
MEDIUM
CVSS 5.4
Reflected XSS in Typemill's login error page allows unauthenticated attackers to inject malicious scripts by crafting requests with specially formatted usernames, since the username parameter lacks proper encoding when displayed after failed authentication attempts. Typemill versions 2.19.1 and below are affected, and public exploit code exists for this vulnerability. Version 2.19.2 contains the fix.
XSS
Typemill
-
CVE-2026-22994
MEDIUM
CVSS 5.5
A reference count leak in the Linux kernel's bpf_prog_test_run_xdp() function allows local users to cause a denial of service by preventing network device cleanup and exhausting system resources. The vulnerability stems from a missing cleanup call in the error handling path that fails to release a reference obtained during XDP metadata conversion. A local attacker with user privileges can trigger this leak to hang network device unregistration operations.
Linux
Linux Kernel
Redhat
Suse
-
CVE-2026-22993
MEDIUM
CVSS 5.5
The Linux kernel's idpf driver contains a NULL pointer dereference in its RSS LUT handling that can be triggered when ethtool commands access the RSS lookup table immediately after a soft reset. Local users with standard privileges can crash the system by performing queue count changes followed by ethtool operations on the affected network interface. A patch is available to properly manage RSS LUT state during soft resets based on queue count changes.
Linux
Null Pointer Dereference
Denial Of Service
Redhat
Suse
-
CVE-2026-22992
MEDIUM
CVSS 5.5
The Linux kernel's Ceph authentication handler fails to properly propagate errors from mon_handle_auth_done(), allowing the msgr2 protocol to proceed with session establishment even when authentication fails in secure mode. This can trigger a NULL pointer dereference in prepare_auth_signature(), causing a denial of service on systems using Ceph for storage or communication. Local attackers with privileges to interact with Ceph authentication can crash the kernel or cause system instability.
Linux
React
Null Pointer Dereference
Linux Kernel
Redhat
-
CVE-2026-22991
MEDIUM
CVSS 5.5
A null pointer dereference vulnerability in the Linux kernel's libceph library occurs when free_choose_arg_map() is called after a partial memory allocation failure, allowing a local attacker with low privileges to cause a denial of service. The vulnerability exists because the function does not validate pointers before dereferencing them during cleanup operations. A patch is available to add proper pointer checks and make the cleanup routine resilient to incomplete allocations.
Linux
Null Pointer Dereference
Linux Kernel
Redhat
Suse
-
CVE-2026-22990
MEDIUM
CVSS 5.5
A local privileged user can trigger a kernel panic in the Linux kernel's Ceph client by providing a maliciously corrupted incremental osdmap with an unexpected epoch value, causing a denial of service. The vulnerability stems from overzealous assertion logic that should instead gracefully reject invalid osdmap data. A patch is available to replace the fatal BUG_ON check with proper validation.
Linux
Linux Kernel
Redhat
Suse
-
CVE-2026-22989
MEDIUM
CVSS 5.5
The Linux kernel nfsd subsystem crashes when attempting to unlock a filesystem via administrative interface while the nfsd service is not running, as the unlock operation accesses freed state structures. A local user with administrative privileges can trigger a denial of service by attempting filesystem unlock operations against a stopped nfsd server.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2026-22988
MEDIUM
CVSS 5.5
Linux kernel ARP implementation incorrectly assumes that dev_hard_header() does not modify the SKB header structure, leading to potential denial of service when the function pointer is changed. A local user with standard privileges can trigger a system crash or hang by exploiting this unsafe memory assumption during ARP packet creation. A patch is available to properly reinitialize the ARP pointer after the dev_hard_header() call.
Linux
Linux Kernel
Redhat
Suse
-
CVE-2026-22987
MEDIUM
CVSS 5.5
A null pointer dereference in the Linux kernel's traffic control action module (act_api) causes a denial of service during network namespace teardown when invalid error pointers are dereferenced. A local attacker with low privileges can trigger this crash by manipulating tc actions during system shutdown or container termination. A patch is available to guard against ERR_PTR entries during action cleanup.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2026-22986
MEDIUM
CVSS 4.7
A race condition in the Linux kernel's gpiolib subsystem allows local attackers with privileges to cause a kernel crash by exploiting unprotected access to uninitialized SRCU synchronization structures during concurrent gpiochip driver initialization. An attacker can trigger this vulnerability by causing multiple drivers to call gpiochip_add_data_with_key() simultaneously, resulting in a kernel page fault and denial of service.
Linux
Denial Of Service
Race Condition
Linux Kernel
Redhat
-
CVE-2026-22985
MEDIUM
CVSS 5.5
The Linux kernel's idpf driver crashes with a NULL pointer dereference when ethtool RSS operations are performed before the network interface is brought up, affecting systems using this driver. A local attacker with unprivileged user access can trigger a denial of service by executing RSS configuration commands on a down interface. The vulnerability is resolved by initializing the RSS lookup table during vport creation rather than at interface startup.
Linux
Null Pointer Dereference
Denial Of Service
Redhat
Suse
-
CVE-2026-22983
MEDIUM
CVSS 5.5
The Linux kernel's network stack contains a null pointer dereference vulnerability in message handling that could cause a denial of service when the msg_get_inq field is improperly written by the callee function. Local attackers with basic privileges can trigger this condition by reusing kernel-internal msghdr structures, resulting in system crashes or service interruption. A patch is available to prevent writes to this input field and eliminate the unsafe branching logic.
Linux
Null Pointer Dereference
Linux Kernel
Redhat
Suse
-
CVE-2026-22982
MEDIUM
CVSS 5.5
The ocelot network driver in the Linux kernel is susceptible to a null pointer dereference crash when adding a network interface under a link aggregation group, affecting systems using the ocelot_vsc7514 frontend. A local attacker with unprivileged access can trigger this denial of service condition by performing specific network interface configuration operations. A patch is available that adds proper pointer validation before accessing port structures.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2026-22981
MEDIUM
CVSS 5.5
A null pointer dereference in the Linux kernel's idpf driver allows local attackers with user privileges to cause a denial of service by triggering improper netdevice state management during reset operations. The vulnerability occurs when the driver fails to properly detach and close network devices before deallocating vport resources, leaving pointers unprotected from concurrent callback access. A patch is available to resolve this issue by implementing proper device state synchronization during reset handling.
Linux
Null Pointer Dereference
Denial Of Service
Redhat
Suse
-
CVE-2026-22979
MEDIUM
CVSS 5.5
A memory leak in the Linux kernel's skb_segment_list() function affects GRO packet processing and can cause denial of service through kernel memory exhaustion when processing forwarded packets. Local attackers with unprivileged access can trigger this vulnerability through crafted network traffic to exhaust available memory. A patch is available to resolve the improper memory accounting between parent and child socket buffers.
Linux
Linux Kernel
Redhat
Suse
-
CVE-2026-22276
MEDIUM
CVSS 5.5
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext storage of sensitive information (CVSS 5.5).
Information Disclosure
Objectscale
Elastic Cloud Storage
-
CVE-2026-22275
MEDIUM
CVSS 4.4
Elastic Cloud Storage versions up to 3.8.1.7 are affected by inclusion of sensitive information in source code (CVSS 4.4).
Information Disclosure
Objectscale
Elastic Cloud Storage
-
CVE-2026-22274
MEDIUM
CVSS 6.5
Elastic Cloud Storage versions up to 3.8.1.7 are affected by cleartext transmission of sensitive information (CVSS 6.5).
Information Disclosure
Dell
Objectscale
Elastic Cloud Storage
-
CVE-2026-1386
MEDIUM
CVSS 6.0
Firecracker contains a vulnerability that allows a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).
Linux
Firecracker
Redhat
Suse
-
CVE-2026-0927
MEDIUM
CVSS 5.3
Unauthenticated attackers can upload arbitrary files through the KiviCare plugin for WordPress versions up to 3.6.15 due to missing authorization checks in the file upload function. This allows adversaries to host malicious content, phishing pages, or other attack payloads on vulnerable sites without authentication. No patch is currently available for this medium-severity vulnerability.
WordPress
-
CVE-2026-0914
MEDIUM
CVSS 6.4
Stored cross-site scripting in the WP DSGVO Tools WordPress plugin through version 3.1.36 allows authenticated contributors and higher-privileged users to inject malicious scripts into pages via the 'lw_content_block' shortcode due to improper input sanitization. When visitors access affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available for this vulnerability.
WordPress
XSS
-
CVE-2026-0788
MEDIUM
CVSS 6.1
8180 Ip Audio Alerter Firmware versions up to 5.5 are affected by cross-site scripting (XSS) (CVSS 6.1).
Golang
XSS
8180 Ip Audio Alerter Firmware
-
CVE-2026-0767
MEDIUM
CVSS 6.5
Open WebUI transmits authentication credentials in cleartext over the network, enabling adjacent attackers to intercept and obtain sensitive information without authentication. This information disclosure vulnerability can facilitate unauthorized access and further compromise of affected systems. No patch is currently available.
Information Disclosure
Open Webui
-
CVE-2025-71177
MEDIUM
CVSS 5.4
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. [CVSS 5.4 MEDIUM]
XSS
Lavalite
-
CVE-2025-71161
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: disable recursive forward error correction
There are two problems with the recursive correction:
1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]
Linux
Redhat
Information Disclosure
Linux Kernel
Suse
-
CVE-2025-71160
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: avoid chain re-validation if possible
Hamza Mahfooz reports CPU soft lock-ups in nft_chain_validate():
watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71158
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
gpio: mpsse: ensure worker is torn down
When an IRQ worker is running, unplugging the device would cause a
crash. The sealevel hardware this driver was written for was not
hotpluggable, so I never realized it. [CVSS 5.5 MEDIUM]
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2025-71154
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
In async_set_registers(), when usb_submit_urb() fails, the allocated
async_req structure and URB are not freed, causing a memory leak. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71153
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix memory leak in get_file_all_info()
In get_file_all_info(), if vfs_getattr() fails, the function returns
immediately without freeing the allocated filename, leading to a memory
leak. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71151
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix memory and information leak in smb3_reconfigure()
In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
function returns immediately without freeing and erasing the newly
allocated new_password and new_password2. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71150
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix refcount leak when invalid session is found on session lookup
When a session is found but its state is not SMB2_SESSION_VALID, it
indicates that no valid session was found, but the code fails to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71149
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: correctly handle io_poll_add() return value on update
When the core of io_uring was updated to handle completions
consistently and with fixed return codes, the POLL_REMOVE opcode
with updates got slightly broken. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71147
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix a memory leak in tpm2_load_cmd
'tpm2_load_cmd' allocates a temporary blob indirectly via 'tpm2_key_decode'
but it is not freed in the failure paths. Address this by wrapping the blob
with a cleanup helper. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71146
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: fix leaked ct in error paths
There are some situations where ct might be leaked as error paths are
skipping the refcounted check and return immediately. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-70458
MEDIUM
CVSS 5.4
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. [CVSS 5.4 MEDIUM]
XSS
Domain Availability Checker
-
CVE-2025-67231
MEDIUM
CVSS 5.9
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. [CVSS 5.9 MEDIUM]
XSS
Builder
-
CVE-2025-67125
MEDIUM
CVSS 4.4
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. [CVSS 4.4 MEDIUM]
Integer Overflow
Docopt.Cpp
-
CVE-2025-67124
MEDIUM
CVSS 6.8
Miniserve versions up to 0.32.0 are affected by improper link resolution before file access (CVSS 6.8).
Race Condition
Miniserve
-
CVE-2025-52023
MEDIUM
CVSS 5.3
A vulnerability in the PHP backend of gemscms.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
PHP
Information Disclosure
Gemscms Backend
-
CVE-2025-52022
MEDIUM
CVSS 5.3
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
PHP
Information Disclosure
Gemscms Backend
-
CVE-2025-46699
MEDIUM
CVSS 4.3
Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure. [CVSS 4.3 MEDIUM]
Information Disclosure
Data Protection Advisor
-
CVE-2025-15522
MEDIUM
CVSS 6.4
The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output escaping on the verified_message parameter. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14947
MEDIUM
CVSS 6.5
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. [CVSS 6.5 MEDIUM]
WordPress
PHP
-
CVE-2025-14745
MEDIUM
CVSS 6.4
The RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14069
MEDIUM
CVSS 6.4
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13921
MEDIUM
CVSS 4.3
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. [CVSS 4.3 MEDIUM]
WordPress
AI / ML
PHP
-
CVE-2025-9290
MEDIUM
CVSS 5.9
An authentication weakness was identified in the controller-device adoption process of Omada Controllers, Gateways and Access Points, due to improper handling of random values.
Information Disclosure
Eap100 Bridge Kit Firmware
Er605 Firmware
Eap723 Firmware
Eap215 Bridge Kit Firmware
-
CVE-2025-2204
MEDIUM
CVSS 4.7
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS). This issue affects Tap&Sign: through 23012026. [CVSS 4.7 MEDIUM]
XSS
-
CVE-2021-47906
MEDIUM
CVSS 6.4
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]
XSS
-
CVE-2021-47905
MEDIUM
CVSS 5.1
Cross-site scripting (XSS) via the account deletion reason input field. Attackers can inject malicious scripts (CVSS 6.1).
XSS
-
CVE-2021-47899
MEDIUM
CVSS 4.0
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. [CVSS 4.0 MEDIUM]
SSRF
-
CVE-2018-25132
MEDIUM
CVSS 5.1
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget. [CVSS 6.1 MEDIUM]
XSS
-
CVE-2018-25116
MEDIUM
CVSS 5.1
Cross-site scripting (XSS) via the custom text input field for thread redirects. Attackers can inject malicious SVG scripts (CVSS 6.1).
XSS
-
CVE-2026-24515
LOW
CVSS 2.9
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. [CVSS 2.9 LOW]
Denial Of Service
-
CVE-2026-22978
LOW
CVSS 3.3
In the Linux kernel, the following vulnerability has been resolved:
wifi: avoid kernel-infoleak from struct iw_point
struct iw_point has a 32bit hole on 64bit arches. [CVSS 3.3 LOW]
Linux
Linux Kernel
-
CVE-2026-1299
None
The email module, specifically the "BytesGenerator" class, didn't properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Code Injection
-
CVE-2025-71148
LOW
CVSS 3.3
In the Linux kernel, the following vulnerability has been resolved:
net/handshake: restore destructor on submit failure
handshake_req_submit() replaces sk->sk_destruct but never restores it when
submission fails before the request is hashed. [CVSS 3.3 LOW]
Linux
Linux Kernel
-
CVE-2025-12780
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure