Skip to main content
CVE-2026-1231 MEDIUM This Month

Stored cross-site scripting in Beaver Builder Page Builder plugin for WordPress through version 2.10.0.5 allows authenticated users with Custom-level access or higher to inject malicious scripts into global settings that execute for all site visitors. The vulnerability stems from missing capability checks and insufficient input sanitization in the save_global_settings() function. Attackers can exploit this to deface pages, steal credentials, or perform actions on behalf of other users viewing affected content.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1827 MEDIUM This Month

The Flask Micro code-editor plugin for WordPress through version 1.0.0 contains a stored cross-site scripting vulnerability in its codeflask shortcode due to inadequate input validation and output encoding. Authenticated users with contributor-level permissions or higher can inject malicious scripts that execute for all visitors accessing affected pages. No patch is currently available.

WordPress Flask XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1809 MEDIUM This Month

Stored cross-site scripting in the HTML Tag Shortcodes WordPress plugin through version 1.1 allows authenticated contributors and above to execute arbitrary scripts on site pages through inadequately sanitized shortcode attributes. Affected users will run attacker-injected code whenever they visit compromised pages, potentially leading to session hijacking or malicious content injection.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1885 MEDIUM This Month

Stored XSS in WordPress Slideshow WP plugin through version 1.1 allows authenticated users with contributor-level access to inject malicious scripts via the 'sswpid' shortcode attribute due to insufficient input sanitization. The injected scripts execute in the browsers of any user viewing the affected pages, enabling attackers to steal session data or perform unauthorized actions. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1853 MEDIUM This Month

Stored XSS in BuddyHolis ListSearch plugin for WordPress through version 1.1 allows authenticated contributors and above to inject malicious scripts into pages via inadequately sanitized shortcode attributes. When site visitors access compromised pages, the injected scripts execute in their browsers, potentially enabling account hijacking, session theft, or malicious redirects. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1826 MEDIUM This Month

Stored XSS in OpenPOS Lite for WooCommerce plugin (versions up to 3.0) allows authenticated contributors and above to inject malicious scripts via the order_qrcode shortcode's width parameter, which execute when other users view affected pages. The vulnerability stems from inadequate input sanitization and output escaping, enabling attackers to compromise page content without user interaction. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1821 MEDIUM This Month

Stored cross-site scripting in the WordPress Microtango plugin through version 0.9.29 allows authenticated contributors and higher-privileged users to inject malicious scripts via the 'restkey' parameter that execute when other users view affected pages. The vulnerability stems from inadequate input sanitization and output escaping in the mt_reservation shortcode. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1804 MEDIUM This Month

Stored XSS in the WDES Responsive Popup WordPress plugin through version 1.3.6 allows authenticated contributors and higher-privileged users to inject malicious scripts via the 'wdes-popup-title' shortcode due to inadequate input sanitization. When victims visit affected pages containing the injected payload, the scripts execute in their browsers, potentially compromising site integrity and user data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1893 MEDIUM This Month

Orbisius Random Name Generator (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13650 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL:  https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13649 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true .

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13648 MEDIUM This Month

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html  resulting in a stored XSS.

XSS Zeusweb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1571 MEDIUM This Month

Reflected cross-site scripting in TP-Link Archer C60 v3 firmware permits arbitrary JavaScript execution through malicious URLs, enabling attackers to steal credentials or hijack sessions when targeted at privileged users. The vulnerability requires user interaction to trigger but has network-accessible attack vectors with no authentication needed. No patch is currently available.

TP-Link Archer C60 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-48508 MEDIUM This Month

Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. [CVSS 6.0 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-46310 MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 6.0 MEDIUM]

Apple Privilege Escalation
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-26014 MEDIUM PATCH This Month

Pion DTLS is a Go implementation of Datagram Transport Layer Security. [CVSS 5.9 MEDIUM]

Golang Dtls Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-13391 MEDIUM This Month

The Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. [CVSS 5.8 MEDIUM]

WordPress Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-46305 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46304 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46303 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46302 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46301 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46300 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-20627 MEDIUM This Month

Insufficient validation of environment variables in Apple's macOS, iOS, iPadOS, and visionOS allows local applications to read sensitive user data without user interaction. An attacker with the ability to run code on the affected device could exploit this to access confidential information through improperly sanitized environment variable handling. A patch is not currently available for this medium-severity vulnerability.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43537 MEDIUM This Month

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20669 MEDIUM This Month

macOS path validation bypass allows local authenticated users to read sensitive user data through improper directory path parsing. The vulnerability requires local access and valid credentials, limiting the attack surface to users already on the affected system. No patch is currently available for this medium-severity issue affecting macOS Tahoe 26.3 and earlier versions.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20653 MEDIUM This Month

Improper path validation in Apple's macOS, iOS, and visionOS allows local attackers to bypass directory access restrictions and read sensitive user data through crafted file paths. An authenticated user with local access can exploit this parsing weakness without user interaction to access confidential information. No patch is currently available for this vulnerability.

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20648 MEDIUM This Month

Malicious applications on macOS can intercept and read notifications synced from other iCloud-connected devices due to improper access controls on notification data. This local privilege escalation affects macOS versions prior to Tahoe 26.3 and requires user interaction to execute the malicious app. An attacker with local access could gain unauthorized visibility into private notifications and communications across a user's device ecosystem.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20647 MEDIUM This Month

This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. [CVSS 5.5 MEDIUM]

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20638 MEDIUM This Month

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 5.5 MEDIUM]

Apple iOS Iphone Os Ipados
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20623 MEDIUM This Month

macOS applications can bypass permission restrictions to access sensitive user data due to a permissions validation flaw affecting macOS versions prior to Tahoe 26.3. An attacker would need local access and user interaction to exploit this vulnerability, resulting in unauthorized disclosure of protected information without affecting system integrity or availability. This issue has been patched in macOS Tahoe 26.3.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20618 MEDIUM This Month

macOS Tahoe versions prior to 26.3 contain an improper temporary file handling vulnerability that allows local authenticated applications to read sensitive user data. The vulnerability requires local access and valid user privileges but poses no risk to system integrity or availability. No patch is currently available for affected systems.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43417 MEDIUM This Month

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Apple Path Traversal Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36316 MEDIUM This Month

The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service [CVSS 5.5 MEDIUM]

Industrial Integer Overflow Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56807 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Media Streaming Add On
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20675 MEDIUM This Month

Information disclosure in Apple's image processing across iOS, iPadOS, macOS, tvOS, and visionOS allows local attackers to extract sensitive user data by supplying a specially crafted image file. The vulnerability requires user interaction to trigger the malicious image processing and affects multiple OS versions prior to their patched releases. No patch is currently available for affected users.

Apple Command Injection
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20666 MEDIUM This Month

Unauthorized access to sensitive user data in macOS can be achieved by local applications due to improper authorization state management affecting macOS Tahoe 26.2 and earlier. An attacker with local access and basic user privileges can exploit this flaw to read confidential information without user interaction. No patch is currently available for this vulnerability.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20629 MEDIUM This Month

Improper temporary file handling in macOS allows local applications to read sensitive user data without user interaction. An attacker with local access and app execution privileges can bypass privacy controls to access confidential information. This vulnerability affects macOS Tahoe 26.3 and earlier, with no patch currently available.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20608 MEDIUM PATCH This Month

Denial of service in Apple macOS, iOS, and iPadOS results from improper state management when processing malicious web content, causing unexpected process crashes. Local attackers with user interaction can trigger this vulnerability to disrupt system availability. No patch is currently available.

Apple Denial Of Service Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54151 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54150 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54149 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 5.5 MEDIUM]

Denial Of Service Qsync Central
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20654 MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20634 MEDIUM This Month

Memory disclosure in Apple's image processing across macOS, iOS, iPadOS, tvOS, and visionOS allows local attackers with user interaction to leak sensitive process memory by submitting a specially crafted image file. The vulnerability requires no elevated privileges and affects multiple Apple operating system versions, with fixes available in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, and corresponding iOS/iPadOS updates. An attacker could exploit this to extract confidential data from running processes on the targeted device.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20621 MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20602 MEDIUM This Month

macOS cache handling vulnerability CVE-2026-20602 allows local users with standard privileges to trigger a denial-of-service condition on affected systems running macOS Sonoma 14.8.4 and earlier, macOS Sequoia 15.7.4 and earlier, or macOS Tahoe 26.3 and earlier. No patch is currently available for this issue.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20678 MEDIUM This Month

Unauthorized access to sensitive user data in iOS and iPadOS results from improper state management in authorization checks, allowing local applications to bypass access restrictions. This medium-severity vulnerability affects Apple iOS/iPadOS users running versions prior to 18.7.5 and 26.3, with no patch currently available. A malicious app with user permissions could extract confidential information without additional user interaction.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20630 MEDIUM This Month

macOS systems running versions prior to Tahoe 26.3 contain an improper permissions restriction that allows local applications to read sensitive user data without authorization. A threat actor with local access could exploit this vulnerability to exfiltrate protected information. A patch is currently unavailable for affected systems.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20624 MEDIUM This Month

Improper input validation in macOS Sequoia, Tahoe, and Sonoma allows local applications to access sensitive user data through an injection attack that requires user interaction. An attacker with a malicious app could exploit this vulnerability to read confidential information on affected systems. No patch is currently available for this medium-severity issue.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20619 MEDIUM This Month

macOS applications can access sensitive user data through insufficient log data redaction in Sequoia 15.7.3 and earlier, and Tahoe 26.2 and earlier. A local attacker with user interaction can exploit this information disclosure vulnerability to read confidential information that should be protected. No patch is currently available for this vulnerability.

Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy