Skip to main content
CVE-2026-24596 MEDIUM This Month

marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails is affected by cross-site request forgery (csrf) (CVSS 4.7).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24549 MEDIUM This Month

GeoDirectory versions before 2.8.150 are vulnerable to cross-site request forgery attacks that could allow an attacker to perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction to exploit and can result in integrity violations, though no patch is currently available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24542 MEDIUM This Month

John James Jacoby WP Term Order wp-term-order is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22978 LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. [CVSS 3.3 LOW]

Linux Linux Kernel
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-71148 LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. [CVSS 3.3 LOW]

Linux Linux Kernel
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-24515 LOW CISA Monitor

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. [CVSS 2.9 LOW]

Denial Of Service Null Pointer Dereference Libexpat
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-1299 PATCH Monitor

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Code Injection
NVD GitHub VulDB
EPSS
0.0%
CVE-2025-12780 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy