THREAT ALERT

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — February 18, 2026

242 CVEs tracked today. 19 Critical, 75 High, 119 Medium, 17 Low.

CVE-2026-27180 CRITICAL CVSS 9.8
MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP Tls RCE Majordomo
CVE-2026-27175 CRITICAL CVSS 9.8
Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
CVE-2026-27174 CRITICAL CVSS 9.8
MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
CVE-2026-25548 CRITICAL CVSS 9.1
Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE Lfi Invoiceplane
CVE-2026-2329 CRITICAL CVSS 9.8
Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow Gxp1628 Firmware Gxp1630 Firmware
CVE-2026-1435 CRITICAL CVSS 9.8
Improper session invalidation in Graylog Web Interface 2.2.3 allows attackers to maintain access through expired sessions, potentially enabling persistent unauthorized access to log management systems.

Authentication Bypass Graylog
CVE-2026-0573 CRITICAL CVSS 9.0
URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.

Github RCE Enterprise Server
CVE-2025-70998 CRITICAL CVSS 9.8
Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.

Information Disclosure 810 Firmware
CVE-2025-70152 CRITICAL CVSS 9.8
SQL injection in code-projects Community Project Scholars Tracking System 1.0 admin user management. Allows database compromise via admin panel. PoC available.

PHP SQLi Scholars Tracking System
CVE-2025-70150 CRITICAL CVSS 9.8
Missing authentication in CodeAstro Membership Management System 1.0 delete_members.php allows unauthenticated deletion of member records. PoC available.

PHP Membership Management System
CVE-2025-70149 CRITICAL CVSS 9.8
SQL injection in CodeAstro Membership Management System 1.0 via ID parameter in print_membership_card.php enables unauthenticated database access. PoC available.

PHP SQLi Membership Management System
CVE-2025-70146 CRITICAL CVSS 9.1
Missing authentication on multiple admin action scripts in ProjectWorlds Online Time Table Generator allows unauthenticated users to perform administrative operations. PoC available.

Authentication Bypass Online Time Table Generator
CVE-2025-70141 CRITICAL CVSS 9.4
Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
CVE-2025-65791 CRITICAL CVSS 9.8
Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
CVE-2025-14009 CRITICAL CVSS 10.0
Critical code execution vulnerability in NLTK (Natural Language Toolkit) downloader component. The _unzip_iter function can be exploited to achieve arbitrary code execution through crafted downloads. CVSS 10.0, EPSS 0.57%. PoC available.

Python RCE AI / ML Nltk Redhat
CVE-2019-25365 CRITICAL CVSS 9.8
Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
CVE-2019-25364 CRITICAL CVSS 9.8
Buffer overflow in MailCarrier 2.51 POP3 server via USER command allows remote attackers to execute arbitrary code. Network-exploitable without authentication. PoC available.

Buffer Overflow Mailcarrier
CVE-2019-25362 CRITICAL CVSS 9.8
Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.

Dns Buffer Overflow Stack Overflow Wmv To Avi Mpeg Dvd Wmv Convertor
CVE-2019-25361 CRITICAL CVSS 9.8
Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

Dns Buffer Overflow
CVE-2026-27182 HIGH CVSS 8.4
Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. No patch is currently available for this high-severity vulnerability.

RCE Command Injection
CVE-2026-27181 HIGH CVSS 7.5
Unauthenticated module deletion in Majordomo's market module allows remote attackers to completely disable installations through a series of GET requests. The vulnerability stems from improper authentication checks that expose the uninstall functionality without requiring credentials, enabling attackers to iteratively remove all modules and associated files. Public exploit code exists for this high-severity flaw, and no patch is currently available.

Authentication Bypass Majordomo
CVE-2026-27179 HIGH CVSS 8.2
Unauthenticated SQL injection in MajorDoMo's commands module allows remote attackers to extract database contents including unsalted MD5 password hashes without authentication, enabling credential compromise and admin panel access. The vulnerability stems from unsanitized $_GET parameters in SQL queries accessible via the /objects/?module=commands endpoint, and public exploit code is available. Affected versions lack a patch and impact both MajorDoMo and PHP installations running this software.

PHP SQLi Majordomo
CVE-2026-27178 HIGH CVSS 7.2
MajorDomo's shoutbox feature is vulnerable to stored XSS due to unsanitized user input in the /objects/?method= endpoint, allowing unauthenticated attackers to inject malicious scripts that persist in the database. When administrators access the auto-refreshing dashboard, the stored payload executes automatically, enabling session hijacking and cookie theft. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
CVE-2026-27177 HIGH CVSS 7.2
MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to inject stored XSS payloads that execute when administrators access the property editor, with public exploit code available. The vulnerability is compounded by session cookies lacking HttpOnly protection, enabling attackers to enumerate properties via the /api.php/data/ endpoint and hijack admin sessions through JavaScript exfiltration.

PHP IoT XSS Majordomo
CVE-2026-27099 HIGH CVSS 8.0
Jenkins versions 2.483-2.550 and LTS 2.492.1-2.541.1 contain a stored XSS vulnerability in the agent offline cause description field that fails to properly sanitize user input. Attackers with Agent/Configure or Agent/Disconnect permissions can inject malicious scripts that execute in the browsers of other users viewing the affected agent configuration. No patch is currently available for this vulnerability.

Jenkins XSS Redhat
CVE-2026-24708 HIGH CVSS 8.2
OpenStack Nova compute nodes using the Flat image backend can have their host data destroyed when an authenticated user crafts a malicious QCOW header on a disk image and triggers a resize operation, causing qemu-img to execute without format restrictions. Affected versions include Nova before 30.2.2, 31.x before 31.2.1, and 32.x before 32.1.1, with no patch currently available. This vulnerability requires low privileges and user interaction but impacts the integrity and availability of the host system across trust boundaries.

Information Disclosure Redhat
CVE-2026-23599 HIGH CVSS 7.8
HPE Aruba Networking ClearPass OnGuard Software for Linux contains a local privilege escalation vulnerability that allows authenticated users to execute arbitrary code with root privileges. The flaw requires local access and no user interaction, making it exploitable by any local account on an affected system. No patch is currently available to remediate this issue.

Linux
CVE-2026-23491 HIGH CVSS 7.5
Unauthenticated attackers can read arbitrary files from InvoicePlane servers through path traversal in the Guest controller's file retrieval function, potentially exposing database credentials and other sensitive configuration data. This vulnerability affects InvoicePlane versions up to 1.6.3 and has public exploit code available. Version 1.6.4 resolves the issue.

Path Traversal Invoiceplane
CVE-2026-23230 HIGH CVSS 8.8
Linux kernel SMB client denial of service vulnerability caused by concurrent bitfield updates in the cached_fid structure that can corrupt flag states through read-modify-write races. A local attacker with standard privileges can trigger this race condition to cause availability disruptions by forcing inconsistent flag states in cached file handle management. No patch is currently available for this medium-severity issue.

Linux Information Disclosure Redhat Suse
CVE-2026-23227 HIGH CVSS 7.8
The Exynos Virtual Display driver in the Linux kernel lacks proper synchronization when allocating and freeing memory structures, enabling use-after-free conditions through race conditions between concurrent operations. A local attacker with unprivileged access can exploit this vulnerability to cause memory corruption or achieve information disclosure by manipulating display connector operations. No patch is currently available for this high-severity vulnerability affecting Linux systems with Samsung Exynos graphics hardware.

Linux Use After Free Information Disclosure Samsung Memory Corruption
CVE-2026-23226 HIGH CVSS 8.8
The Linux kernel ksmbd subsystem contains a use-after-free vulnerability in multi-channel session handling due to missing synchronization on the ksmbd_chann_list xarray, allowing a local attacker with user privileges to cause memory corruption and potentially execute arbitrary code. The vulnerability affects the channel lookup and deletion operations between multiple concurrent sessions. A patch is available to add proper locking mechanisms to protect xarray access.

Linux Use After Free Memory Corruption Information Disclosure Redhat
CVE-2026-23225 HIGH CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code.

Linux Information Disclosure Redhat Suse
CVE-2026-23224 HIGH CVSS 7.8
The Linux kernel erofs file system contains a use-after-free vulnerability in direct I/O file-backed mount operations that allows local attackers with user privileges to cause memory corruption and potentially achieve code execution or denial of service. The vulnerability occurs when accessing files through the directio option, where freed memory is subsequently accessed during I/O operations. A patch is not currently available, making this a critical concern for systems running affected Linux kernel versions.

Linux Information Disclosure Memory Corruption Use After Free Redhat
CVE-2026-23223 HIGH CVSS 7.8
Use-after-free vulnerability in Linux kernel XFS subsystem allows local attackers with unprivileged access to cause memory corruption and potential privilege escalation through improper pointer dereferencing in the btree block owner checking function. The flaw stems from attempting to access freed memory due to incorrect temporal ordering of operations when determining cursor aliases. This vulnerability affects all Linux systems using XFS and currently lacks a patch.

Linux Information Disclosure Memory Corruption Use After Free Linux Kernel
CVE-2026-23222 HIGH CVSS 7.8
Memory allocation errors in the Linux kernel's OMAP crypto driver cause scatterlist objects to be undersized by 4x, enabling local authenticated attackers to trigger denial of service conditions through memory corruption. An attacker with local access and user-level privileges can exploit this miscalculation to crash the system or cause unpredictable kernel behavior. No patch is currently available for this vulnerability.

Linux Information Disclosure Redhat Suse
CVE-2026-23221 HIGH CVSS 7.8
The Linux kernel's fsl-mc bus driver contains a use-after-free vulnerability in the driver_override_show() function that reads device configuration without proper locking, allowing a local privileged user to trigger memory corruption by concurrently modifying the same data. This vulnerability affects Linux systems running vulnerable kernel versions and could enable local denial of service or potential privilege escalation through heap memory manipulation. No patch is currently available for this issue.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel
CVE-2026-23216 HIGH CVSS 7.8
A use-after-free vulnerability in the Linux kernel's iSCSI target implementation allows local attackers with low privileges to cause memory corruption and potential denial of service by exploiting a race condition in the connection usage counting mechanism. The flaw occurs when a spinlock is released after calling complete(), allowing a waiting thread to free the connection structure before the current thread finishes its unlock operation. No patch is currently available for this vulnerability.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel
CVE-2026-22860 HIGH CVSS 7.5
Directory traversal in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5 allows unauthenticated remote attackers to list directories outside the configured root by exploiting a string prefix matching flaw in path validation. An attacker can craft requests with path traversal sequences to enumerate sensitive directories if the target path shares a common prefix with the configured root directory. Public exploit code exists for this vulnerability.

Ruby Rack Redhat Suse
CVE-2026-22048 HIGH CVSS 7.1
Configuration deletion and resource denial in StorageGRID versions before 11.9.0.12 and 12.0.0.4 stems from an SSRF flaw in Microsoft Entra ID SSO integration, allowing authenticated attackers to manipulate backend requests. Successful exploitation enables deletion of configuration data or denial of access to storage resources despite requiring valid credentials to initiate the attack.

Azure SSRF
CVE-2026-2670 HIGH CVSS 7.2
Unauthenticated remote attackers can achieve OS command injection through the delete_file parameter in Advantech WISE-6610's OpenVPN management interface (/cgi-bin/luci/admin/openvpn_apply), enabling arbitrary command execution with high privileges. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires high-level privileges but involves minimal complexity and poses significant risks to confidentiality, integrity, and availability.

Openvpn Command Injection
CVE-2026-2668 HIGH CVSS 7.3
Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 7.3).

Information Disclosure Visual Integrated Command And Dispatch Platform
CVE-2026-2650 HIGH CVSS 8.8
Google Chrome versions before 145.0.7632.109 contain a heap buffer overflow in the Media component that can be triggered by a remote attacker through a specially crafted HTML page, potentially leading to heap corruption and arbitrary code execution. The vulnerability requires user interaction to exploit and affects all Chrome users who encounter a malicious webpage. No patch is currently available for this high-severity issue.

Google Buffer Overflow Chrome Redhat Suse
CVE-2026-2649 HIGH CVSS 8.8
Heap corruption in Google Chrome's V8 engine prior to version 145.0.7632.109 can be triggered through integer overflow vulnerabilities when processing malicious HTML pages. An unauthenticated attacker can exploit this by tricking users into visiting a crafted webpage, potentially achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Google Integer Overflow Chrome Redhat Suse
CVE-2026-2648 HIGH CVSS 8.8
Google Chrome's PDFium library contains a heap buffer overflow vulnerability that enables remote attackers to execute arbitrary code or corrupt memory by opening specially crafted PDF files, affecting all users without requiring authentication or special user interaction. The vulnerability impacts Chrome versions prior to 145.0.7632.109 with a high CVSS score of 8.8, though no patch is currently available. An attacker can exploit this to achieve complete compromise of the affected system including confidentiality, integrity, and availability of data.

Buffer Overflow Chrome Google Redhat Suse
CVE-2026-2576 HIGH CVSS 7.5
Unauthenticated attackers can exploit time-based SQL injection in the Business Directory Plugin for WordPress (versions up to 6.4.2) through an unescaped 'payment' parameter to extract sensitive database information. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to append arbitrary SQL commands to existing queries without authentication. No patch is currently available.

WordPress SQLi
CVE-2026-2507 HIGH CVSS 7.5
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2026-2495 HIGH CVSS 7.5
Unauthenticated attackers can exploit SQL injection in the WPNakama WordPress plugin (versions up to 0.6.5) through the 'order' parameter in the REST API /wp-json/WPNakama/v1/boards endpoint due to insufficient input escaping. This allows unauthorized extraction of sensitive database information from any WordPress installation running the vulnerable plugin. No patch is currently available.

WordPress SQLi
CVE-2026-2296 HIGH CVSS 7.2
Arbitrary PHP code execution in Product Addons for WooCommerce plugin (versions up to 3.1.0) through unsafe use of eval() on unsanitized conditional logic operators allows Shop Manager-level and higher-privileged WordPress users to execute malicious code on affected servers. The vulnerability stems from insufficient input validation in the evalConditions() function where user-supplied operator parameters are passed directly to PHP's eval() without sanitization. No patch is currently available.

WordPress PHP Code Injection
CVE-2026-2019 HIGH CVSS 7.2
Cart All In One For WooCommerce (WordPress plugin) versions up to 1.1.21. contains a security vulnerability (CVSS 7.2).

WordPress PHP Code Injection
CVE-2026-1999 HIGH CVSS 7.1
GitHub Enterprise Server allows authenticated webhook administrators to bypass network restrictions through Server-Side Request Forgery, enabling access to internal services, job queues, and sensitive endpoints on loopback addresses. This affects all versions prior to 3.20 and requires valid credentials with webhook configuration privileges. No patch is currently available, and exploitation could lead to unauthorized data access or disruption of background job processing.

SSRF
CVE-2026-1937 HIGH CVSS 7.2
Unauthorized data modification in YayMail WooCommerce Email Customizer WordPress plugin allows unauthenticated attackers to modify email templates, potentially enabling phishing attacks against customers.

WordPress Privilege Escalation Authentication Bypass
CVE-2026-1931 HIGH CVSS 7.2
Stored cross-site scripting in the Rent Fetch WordPress plugin through version 0.32.4 allows unauthenticated attackers to inject malicious scripts via inadequately sanitized keyword parameters. When site visitors access pages containing the injected payload, the scripts execute in their browsers, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for this vulnerability.

WordPress XSS
CVE-2026-1714 HIGH CVSS 8.6
Unauthenticated attackers can abuse the ShopLentor plugin for WordPress (versions up to 3.3.2) to send arbitrary emails through affected websites due to insufficient input validation in an AJAX endpoint, allowing them to conduct spam and phishing campaigns with full control over recipient addresses, subject lines, and message content. The vulnerability requires no user interaction and affects all installations of the vulnerable plugin. No patch is currently available.

WordPress
CVE-2026-1426 HIGH CVSS 8.8
PHP Object Injection in the Advanced AJAX Product Filters plugin for WordPress (versions up to 3.1.9.6) allows authenticated authors and above to deserialize malicious objects through the Live Composer compatibility layer. While the plugin itself lacks a gadget chain for exploitation, the vulnerability can enable arbitrary file deletion, data theft, or remote code execution if a POP chain exists in installed themes or plugins. No patch is currently available, and exploitation requires valid WordPress user credentials.

WordPress PHP Deserialization
CVE-2026-1368 HIGH CVSS 7.5
Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

WordPress Zoom
CVE-2026-0875 HIGH CVSS 7.8
Out-of-bounds write in Autodesk shared components allows local attackers to execute arbitrary code, corrupt data, or crash the application by crafting a malicious MODEL file. The vulnerability requires user interaction to parse the malicious file and affects multiple Autodesk products with no patch currently available.

Denial Of Service Shared Components
CVE-2026-0874 HIGH CVSS 7.8
Out-of-bounds write in Autodesk products' CATPART file parser enables local attackers to achieve arbitrary code execution, crash the application, or corrupt data when a user opens a malicious file. The vulnerability requires user interaction and affects shared components across multiple Autodesk products. No patch is currently available.

Denial Of Service Shared Components
CVE-2025-71234 HIGH CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow Linux Kernel Redhat
CVE-2025-71231 HIGH CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

Linux Information Disclosure Buffer Overflow Linux Kernel Redhat
CVE-2025-70151 HIGH CVSS 8.8
Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
CVE-2025-70148 HIGH CVSS 7.5
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). [CVSS 7.5 HIGH]

PHP Membership Management System
CVE-2025-70147 HIGH CVSS 7.5
Online Time Table Generator versions up to 1.0 is affected by missing authentication for critical function (CVSS 7.5).

PHP Online Time Table Generator
CVE-2025-70064 HIGH CVSS 8.8
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. [CVSS 8.8 HIGH]

Privilege Escalation Hospital Management System
CVE-2025-61982 HIGH CVSS 7.8
An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. [CVSS 7.8 HIGH]

RCE Code Injection
CVE-2025-60038 HIGH CVSS 7.8
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
CVE-2025-60037 HIGH CVSS 7.8
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
CVE-2025-60036 HIGH CVSS 7.8
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Ua.Testclient Rexroth Indraworks
CVE-2025-60035 HIGH CVSS 7.8
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
CVE-2025-33253 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
CVE-2025-33252 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
CVE-2025-33251 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
CVE-2025-33250 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
CVE-2025-33249 HIGH CVSS 7.8
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Nemo
CVE-2025-33246 HIGH CVSS 7.8
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. [CVSS 7.8 HIGH]

Privilege Escalation Command Injection Information Disclosure AI / ML Nemo
CVE-2025-33245 HIGH CVSS 8.0
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 8.0 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
CVE-2025-33243 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
CVE-2025-33241 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
CVE-2025-33240 HIGH CVSS 7.8
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Megatron Bridge
CVE-2025-33239 HIGH CVSS 7.8
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Megatron Bridge
CVE-2025-33236 HIGH CVSS 7.8
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Nemo
CVE-2025-1272 HIGH CVSS 7.7
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. [CVSS 7.7 HIGH]

Linux Redhat Suse Linux Kernel
CVE-2019-25401 HIGH CVSS 7.5
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2019-25363 HIGH CVSS 7.5
Wmv To Avi Mpeg Dvd Wmv Convertor versions up to 4.6.1217 is affected by stack-based buffer overflow (CVSS 7.5).

Buffer Overflow Denial Of Service Wmv To Avi Mpeg Dvd Wmv Convertor
CVE-2019-25360 HIGH CVSS 8.4
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow
CVE-2019-25359 HIGH CVSS 8.2
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. [CVSS 8.2 HIGH]

Dotnet SQLi Information Disclosure
CVE-2019-25358 HIGH CVSS 7.5
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2019-25357 HIGH CVSS 8.4
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
CVE-2019-25355 HIGH CVSS 7.5
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. [CVSS 7.5 HIGH]

Path Traversal Gsoap Suse
CVE-2019-25354 HIGH CVSS 7.5
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2019-25353 HIGH CVSS 7.5
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2019-25352 HIGH CVSS 7.5
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
CVE-2019-25351 HIGH CVSS 8.8
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. [CVSS 8.8 HIGH]

Authentication Bypass
CVE-2019-25350 HIGH CVSS 7.5
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened. [CVSS 7.5 HIGH]

Denial Of Service
CVE-2019-25349 HIGH CVSS 7.5
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. [CVSS 7.5 HIGH]

Scada Denial Of Service
CVE-2026-27176 MEDIUM CVSS 6.1
Reflected XSS in MajorDoMo's command.php allows remote attackers to inject arbitrary JavaScript through an unsanitized qry parameter, affecting users who click malicious links. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
CVE-2026-27100 MEDIUM CVSS 4.3
Jenkins versions 2.550 and earlier fail to properly validate Run Parameter access controls, allowing authenticated users with Item/Build and Item/Configure permissions to enumerate sensitive information about jobs, builds, and their display names they should not have access to. This information disclosure vulnerability affects Jenkins LTS 2.541.1 and earlier, with no patch currently available. Attackers can exploit this to gather intelligence about build infrastructure by referencing builds outside their authorized scope.

Jenkins Redhat
CVE-2026-26281 MEDIUM CVSS 4.4
Stored XSS in InvoicePlane's Sumex invoice view enables authenticated users with invoice management privileges to inject malicious JavaScript that executes in other users' browsers, potentially compromising sessions and enabling data theft. Public exploit code exists for this vulnerability. Version 1.7.1 and later contain the fix.

XSS Invoiceplane
CVE-2026-26270 MEDIUM CVSS 5.4
InvoicePlane 1.7.0 and earlier contains a stored XSS vulnerability in the Invoice Groups "Identifier Format" field that authenticated users can exploit to inject malicious scripts executed when other users access the invoice list or dashboard. An attacker with invoice group management permissions can inject arbitrary JavaScript that runs in the context of other users' browsers, potentially leading to session hijacking or credential theft. A patch is available in version 1.7.1.

XSS Invoiceplane
CVE-2026-25596 MEDIUM CVSS 4.8
InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Product Unit Name field that allows authenticated administrators to inject malicious scripts executed when other admins view affected invoices. Public exploit code exists for this vulnerability, though exploitation requires high-privilege administrator access and user interaction. Version 1.7.1 resolves the issue.

XSS Invoiceplane
CVE-2026-25595 MEDIUM CVSS 4.8
InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Invoice Number field that allows authenticated administrators to inject malicious JavaScript executing in other administrators' browsers when viewing invoices or the dashboard. Public exploit code exists for this vulnerability, which has a CVSS score of 4.8 and can result in data theft or unauthorized actions within the application. A patch is available in version 1.7.1.

XSS Invoiceplane
CVE-2026-25594 MEDIUM CVSS 4.8
InvoicePlane 1.7.0 contains a stored XSS vulnerability in the Family Name field that executes malicious scripts in administrators' browsers when they access the product form. An authenticated administrator can inject payloads via the family dropdown to compromise other admin sessions. Public exploit code exists for this vulnerability, though a patch is available in version 1.7.1.

XSS Invoiceplane
CVE-2026-25500 MEDIUM CVSS 5.4
Rack's Directory module fails to sanitize filenames when generating HTML directory listings, allowing attackers to craft files with javascript: scheme names that execute arbitrary code when clicked. Authenticated users or those with access to directories containing maliciously named files can trigger stored XSS attacks affecting other users viewing the directory index. Public exploit code exists for versions prior to 2.2.22, 3.1.20, and 3.2.5.

Ruby Rack Redhat Suse
CVE-2026-24746 MEDIUM CVSS 5.7
Stored XSS in InvoicePlane 1.7.0's Edit Quotes function allows authenticated administrators to inject malicious scripts via the unvalidated quote_number parameter, enabling persistent code execution and data manipulation. Public exploit code exists for this vulnerability, which could lead to unauthorized modification of invoices, creation of backdoors, and complete compromise of application integrity. Version 1.7.1 addresses this flaw.

XSS Invoiceplane
CVE-2026-24745 MEDIUM CVSS 5.7
Stored XSS via SVG file upload in InvoicePlane 1.7.0 Login Logo functionality allows authenticated administrators to inject persistent malicious scripts, potentially compromising application integrity and enabling unauthorized data modification. Public exploit code exists for this vulnerability, which requires high-level privileges but can lead to persistent backdoors and full application compromise. InvoicePlane 1.7.1 addresses this issue.

Golang XSS Invoiceplane
CVE-2026-24744 MEDIUM CVSS 5.7
Stored XSS in InvoicePlane 1.7.0's invoice editing function fails to sanitize the invoice_number parameter, allowing authenticated administrators to inject malicious scripts that persist in the application. Public exploit code exists for this vulnerability, enabling attackers with admin access to modify data, create backdoors, and compromise application integrity. Version 1.7.1 addresses this issue.

XSS Invoiceplane
CVE-2026-24743 MEDIUM CVSS 5.7
Stored XSS in InvoicePlane 1.7.0 via malicious SVG file upload in the Invoice Logo function allows authenticated administrators to inject persistent malicious scripts and compromise application integrity. Public exploit code exists for this vulnerability. Version 1.7.1 contains the patch.

Golang XSS Invoiceplane
CVE-2026-23229 MEDIUM CVSS 5.5
The Linux kernel's virtio-crypto driver lacks proper synchronization when handling virtqueue notifications from multiple processes, causing data corruption and system hangs when processing cryptographic operations concurrently. Local attackers with user privileges can trigger denial of service by running parallel crypto workloads, as demonstrated through multi-process OpenSSL benchmarks that expose race conditions in the virtcrypto_done_task() handler. No patch is currently available for this medium-severity vulnerability affecting systems running virtio-crypto with builtin backends.

Linux OpenSSL Information Disclosure Linux Kernel Redhat
CVE-2026-23228 MEDIUM CVSS 5.5
The Linux kernel ksmbd server leaks the active_num_conn counter when kthread_run() fails during TCP connection initialization, allowing local authenticated users to exhaust connection tracking resources and cause a denial of service. The vulnerability stems from improper cleanup that fails to decrement the counter when freeing the transport structure. No patch is currently available for this medium-severity issue.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-23220 MEDIUM CVSS 5.5
The Linux kernel's ksmbd SMB server implementation contains a denial-of-service vulnerability where failed signature verification on chained SMB2 requests causes an infinite loop due to improper state reset. A local or authenticated attacker can trigger this condition by sending a malformed signed request, causing the ksmbd process to hang and become unresponsive.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2026-23219 MEDIUM CVSS 5.5
Memory allocation profiling in the Linux kernel fails to properly clear allocation tags during abort operations when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, allowing a local privileged user to trigger a denial of service through kernel warnings and potential system instability. The vulnerability affects the slab memory allocator's interaction with memcg abort handling and requires local access with elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Linux Code Injection Linux Kernel Redhat Suse
CVE-2026-23218 MEDIUM CVSS 5.5
A null pointer dereference in the Linux kernel's loongson-64bit GPIO driver allows local attackers with user privileges to cause a denial of service through an incorrect NULL check that fails to validate chip->irq.parents after memory allocation. The vulnerability affects Linux systems with Loongson GPIO hardware and requires no user interaction to trigger. No patch is currently available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2026-23217 MEDIUM CVSS 5.5
A deadlock vulnerability in the Linux kernel's RISC-V tracing subsystem allows local users with tracing privileges to hang the system by enabling ftrace snapshots on __sbi_ecall functions, causing recursive IPI interrupts that trigger infinite snapshot loops. This issue is particularly easy to exploit on RISC-V systems lacking the SSTC extension, where timer events automatically invoke SBI ecalls. The vulnerability requires local access and is only exploitable if tracing is enabled, making it a denial of service vector for systems with active kernel tracing.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-23215 MEDIUM CVSS 5.5
The Linux kernel's VMware hypercall implementation improperly handles register state during mouse events, allowing local attackers with user privileges to trigger a denial of service through a kernel panic via crafted input to the vmmouse driver. The vulnerability stems from incomplete register preservation when the QEMU VMware mouse emulation clears the upper 32 bits of CPU registers containing kernel pointers. No patch is currently available for this medium-severity issue affecting Linux systems running on VMware or QEMU with vmmouse support.

Linux VMware Information Disclosure Linux Kernel Redhat
CVE-2026-23214 MEDIUM CVSS 5.5
A denial of service vulnerability in the Linux kernel's btrfs filesystem allows local users with standard privileges to cause a system crash by triggering transaction aborts on read-only mounted filesystems. An attacker can exploit this by mounting a malformed btrfs filesystem with rescue options, causing the kernel to abort transactions with error handling failures during unmount. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-23213 MEDIUM CVSS 5.5
AMD GPU drivers on Linux systems fail to prevent MMIO register access during SMU Mode 1 reset, allowing incomplete PCIe transactions that can trigger NMI panics or system hangs. A local attacker with driver interaction capabilities could exploit this to cause a denial of service by accessing registers while the device is offline. The vulnerability affects Linux kernel implementations with AMD PM functionality and currently lacks an available patch.

Linux Information Disclosure Amd Linux Kernel Redhat
CVE-2026-23212 MEDIUM CVSS 4.7
A data-race condition in the Linux kernel bonding driver's slave->last_rx field can be accessed without proper synchronization, potentially causing a denial of service on systems using bonded network interfaces. Local attackers with limited privileges can trigger the race condition to cause system instability or crashes. A patch is not currently available, and exploitation requires specific timing conditions.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-23211 MEDIUM CVSS 5.5
Linux kernel swap handling can cause a kernel panic under heavy memory pressure when arch_prepare_to_swap fails due to read-only swap address space restrictions introduced in a prior commit. A local attacker with user privileges can trigger this denial of service condition during memory reclamation operations. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2026-20144 MEDIUM CVSS 6.8
Splunk Enterprise and Splunk Cloud Platform deployments expose SAML authentication configurations in plaintext logs accessible to users with Search Head Cluster administrative roles and _internal index access, allowing credential and authentication extension disclosure. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, as well as Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
CVE-2026-20142 MEDIUM CVSS 6.8
Splunk Enterprise versions before 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose RSA access keys in plain text within the Authentication.conf file to users with access to the _internal index on Search Head Cluster deployments. A privileged user with appropriate role permissions could read these sensitive credentials, compromising authentication security. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk
CVE-2026-20141 MEDIUM CVSS 4.3
Improper access control in Splunk Enterprise versions below 9.3.9, 9.4.8, and 10.0.2 allows low-privileged users without admin roles to access the Monitoring Console App endpoints, enabling unauthorized disclosure of sensitive information. The vulnerability affects only on-premises Splunk Enterprise deployments and does not impact Splunk Cloud Platform instances. No patch is currently available.

Information Disclosure Splunk
CVE-2026-20139 MEDIUM CVSS 4.3
Client-side denial-of-service in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to inject malicious payloads through user profile parameters in the authentication REST API endpoint, causing significant page load delays or temporary unresponsiveness of the Splunk Web interface. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. No patch is currently available for this vulnerability.

Denial Of Service Splunk Cloud Platform Splunk
CVE-2026-20138 MEDIUM CVSS 6.8
Splunk Search Head Cluster deployments below versions 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose Duo Two-Factor Authentication secrets (integrationKey, secretKey, appSecretKey) in plain text to users with access to the _internal index and appropriate roles. An authenticated attacker with these privileges could retrieve sensitive credentials and compromise Duo authentication controls for the Splunk environment. No patch is currently available for this vulnerability.

Information Disclosure Splunk
CVE-2026-2683 MEDIUM CVSS 4.3
Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download functionality that allows authenticated remote attackers to read arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it accessible to any authenticated user with network access.

Path Traversal Electronic Archives System
CVE-2026-2682 MEDIUM CVSS 6.3
SQL injection in Tsinghua Unigroup Electronic Archives System versions up to 3.2.210802 allows authenticated remote attackers to manipulate the comid parameter via the /mine/PublicReport/prinReport.html endpoint, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.

Java SQLi Electronic Archives System
CVE-2026-2676 MEDIUM CVSS 6.3
Improper authorization in GoogTech sms-ssm's LoginInterceptor API interface allows remote authenticated attackers to bypass access controls and manipulate protected functions. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or restrict access to the affected API endpoints.

Java
CVE-2026-2672 MEDIUM CVSS 4.3
Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read arbitrary files through manipulation of the path parameter in the /Search/Subject/downLoad function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it a practical risk for organizations using this system.

Path Traversal Electronic Archives System
CVE-2026-2669 MEDIUM CVSS 6.5
Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 6.5).

Information Disclosure Visual Integrated Command And Dispatch Platform
CVE-2026-2667 MEDIUM CVSS 5.3
Visual Integrated Command And Dispatch Platform versions up to 20260206. contains a security vulnerability (CVSS 5.3).

Information Disclosure Visual Integrated Command And Dispatch Platform
CVE-2026-2666 MEDIUM CVSS 4.7
Unrestricted file upload in mingSoft MCMS 6.1.1's template archive handler allows authenticated attackers with high privileges to upload arbitrary files via manipulation of the File parameter in /ms/file/uploadTemplate.do. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access and high-level authentication but could lead to remote code execution or system compromise.

File Upload Authentication Bypass Mcms
CVE-2026-2665 MEDIUM CVSS 6.3
Unrestricted file upload in huanzi-qch base-admin's JSP file upload function allows authenticated remote attackers to upload arbitrary files by manipulating the File parameter, potentially leading to code execution. The vulnerability affects the SysFileController component and has public exploit code available. No patch is currently available from the developers.

Java
CVE-2026-2663 MEDIUM CVSS 6.3
SQL injection in Alixhan xh-admin-backend versions up to 1.7.0 allows authenticated attackers to manipulate the prop parameter in the /frontend-api/system-service/api/system/role/query endpoint and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure efforts. Affected organizations running vulnerable versions should immediately restrict access to this endpoint or upgrade if available.

SQLi
CVE-2026-2658 MEDIUM CVSS 4.3
Cross-site request forgery (CSRF) in newbee-mall affects multiple endpoints, allowing unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users. Public exploit code exists for this vulnerability. No patch is currently available, and the project maintainers have not responded to the early disclosure notification.

CSRF
CVE-2026-2654 MEDIUM CVSS 6.3
Server-side request forgery in Hugging Face smolagents 1.24.0 allows authenticated attackers to manipulate the LocalPythonExecutor's requests.get/requests.post functions, enabling remote exploitation without user interaction. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Python SSRF AI / ML Smolagents
CVE-2026-2653 MEDIUM CVSS 5.3
Admesh versions up to 0.98.5 contain a heap buffer overflow in the stl_check_normal_vector function that allows local attackers to corrupt memory with low integrity and confidentiality impact. Public exploit code exists for this vulnerability, and the product appears to be unmaintained with no patch available.

Buffer Overflow Heap Overflow Admesh
CVE-2026-2633 MEDIUM CVSS 4.3
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress fails to properly validate the upload_files capability in its AJAX image import function, allowing authenticated contributors to upload arbitrary images to the Media Library despite lacking file upload permissions. This authorization bypass affects all versions up to 3.6.1 and requires only basic user authentication with no user interaction. An attacker with contributor-level access can exploit this to upload malicious image files that could be leveraged for further attacks.

WordPress
CVE-2026-2426 MEDIUM CVSS 6.5
Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE Path Traversal
CVE-2026-2386 MEDIUM CVSS 4.3
The Plus Addons for Elementor plugin for WordPress fails to validate post-type-specific permissions in its AJAX handler, allowing authenticated authors and above to create draft posts for restricted post types like pages and custom post types. An attacker with author-level access can bypass capability checks by directly specifying arbitrary post types, potentially enabling unauthorized content creation or manipulation of restricted content areas.

WordPress
CVE-2026-2281 MEDIUM CVSS 4.4
Stored XSS in WordPress Private Comment plugin up to version 0.0.4 allows authenticated administrators to inject malicious scripts via the label text setting due to inadequate input sanitization and output escaping. The injected scripts execute in the browsers of users viewing affected pages, impacting multi-site WordPress installations or those with unfiltered_html disabled. No patch is currently available.

WordPress XSS
CVE-2026-2230 MEDIUM CVSS 4.3
The Booking Calendar plugin for WordPress through version 10.14.14 contains an insecure direct object reference in the handle_ajax_save function that fails to validate user-controlled input, allowing authenticated subscribers and above with booking permissions to modify other users' plugin settings and disrupt their booking calendar functionality. This vulnerability requires valid WordPress credentials but poses a direct threat to multi-user WordPress installations where booking functionality is delegated across accounts.

WordPress
CVE-2026-2127 MEDIUM CVSS 5.4
Arbitrary shortcode execution in the SiteOrigin Widgets Bundle plugin for WordPress affects authenticated users with Subscriber access and above due to missing capability checks in an AJAX preview function. Attackers can exploit this vulnerability to execute arbitrary shortcodes when the Post Carousel widget is present, as the required nonce is publicly exposed in the page HTML. No patch is currently available.

WordPress
CVE-2026-2126 MEDIUM CVSS 5.3
Unauthenticated attackers can manipulate post category assignments in the WordPress User Submitted Posts plugin through missing authorization checks on user-supplied category IDs. This allows bypassing frontend category restrictions to assign posts to arbitrary or restricted categories via crafted POST requests. The vulnerability affects all versions up to 20260113 with no patch currently available.

WordPress
CVE-2026-2112 MEDIUM CVSS 4.3
Unauthenticated attackers can delete all pending comments in WordPress sites running the Dam Spam plugin up to version 1.0.8 by exploiting missing CSRF protections, requiring only that an administrator be tricked into clicking a malicious link. An attacker with this capability can disrupt comment moderation workflows and potentially suppress legitimate user feedback. No patch is currently available for this vulnerability.

WordPress CSRF
CVE-2026-2023 MEDIUM CVSS 4.3
The WP Plugin Info Card plugin for WordPress versions up to 6.2.0 contains a cross-site request forgery vulnerability in its AJAX handler due to disabled nonce validation, allowing unauthenticated attackers to create or modify custom plugin entries if a site administrator can be tricked into clicking a malicious link. An attacker could leverage this to inject arbitrary plugin configurations that could be used for further compromise of the WordPress installation. No patch is currently available.

WordPress CSRF
CVE-2026-1943 MEDIUM CVSS 4.4
Stored XSS in YayMail plugin for WordPress (versions up to 4.3.2) allows authenticated Shop Manager-level users to inject malicious scripts through inadequately sanitized settings, affecting multi-site installations or those with disabled unfiltered_html. Attackers can execute arbitrary JavaScript in pages viewed by other users, though exploitation requires elevated privileges and specific WordPress configurations. No patch is currently available.

WordPress XSS
CVE-2026-1942 MEDIUM CVSS 6.5
Unauthorized post modification in Blog2Social plugin for WordPress versions up to 8.7.4 allows authenticated subscribers and higher-privileged users to alter arbitrary post and page content due to missing post-level permission checks in the curation draft AJAX handler. An attacker can exploit this by providing a target post ID to overwrite titles and content across the site without proper authorization.

WordPress
CVE-2026-1941 MEDIUM CVSS 6.4
Stored cross-site scripting in WP Event Aggregator plugin through version 1.8.7 allows authenticated contributors and above to inject malicious scripts via the wp_events shortcode due to inadequate input sanitization. When site visitors access pages containing the injected payload, the scripts execute in their browsers, potentially compromising user sessions and data. No patch is currently available, leaving affected WordPress installations vulnerable.

WordPress XSS
CVE-2026-1938 MEDIUM CVSS 5.3
Unauthorized license key deletion in the YayMail WooCommerce Email Customizer plugin (versions up to 4.3.2) stems from missing authorization checks on a REST API endpoint, allowing authenticated Shop Manager-level users to remove the plugin license if they can obtain the REST API nonce. This integrity violation affects WordPress installations running the vulnerable plugin and could disrupt email customization functionality.

WordPress
CVE-2026-1925 MEDIUM CVSS 4.3
The EmailKit - Email Customizer for WooCommerce & WP plugin through version 1.6.2 fails to properly validate user permissions on the template update function, allowing any authenticated user with Subscriber-level access or higher to modify post titles across the WordPress site. This capability check bypass affects all post types including standard posts, pages, and custom post types, enabling unauthorized content manipulation by low-privileged attackers. No patch is currently available.

WordPress
CVE-2026-1906 MEDIUM CVSS 4.3
Authenticated attackers with Subscriber-level or higher access to WordPress sites running PDF Invoices & Packing Slips for WooCommerce through version 5.6.0 can modify Peppol/EDI endpoint identifiers for arbitrary orders due to missing authorization checks in the plugin's AJAX handler. This allows attackers to redirect invoices to different endpoints, potentially disrupting payment processing and exposing sensitive customer data. No patch is currently available.

WordPress
CVE-2026-1860 MEDIUM CVSS 4.3
The Kali Forms WordPress plugin through version 2.4.8 allows authenticated contributors and higher-privileged users to read sensitive form data of other users via insecure direct object reference on the REST API, exposing form configurations, reCAPTCHA keys, email templates, and server paths. The vulnerability stems from insufficient permission validation that only checks for the generic `edit_posts` capability rather than verifying ownership of specific form resources. Attackers can exploit this through form ID enumeration without requiring any interaction or elevated privileges beyond basic authenticated access.

WordPress
CVE-2026-1857 MEDIUM CVSS 4.3
Insufficient input validation in the Gutenberg Blocks with AI by Kadence WP plugin allows authenticated contributors and above to perform server-side request forgery against GetResponse API endpoints, potentially exposing sensitive data like contacts and campaigns stored on the site. The vulnerability stems from overly permissive access controls that grant the dangerous `endpoint` parameter manipulation to users with only Contributor-level privileges instead of requiring administrator access. Attackers can also extract the site's stored GetResponse API credentials from request headers during exploitation.

WordPress SSRF AI / ML
CVE-2026-1807 MEDIUM CVSS 6.4
InteractiveCalculator for WordPress (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS
CVE-2026-1666 MEDIUM CVSS 6.1
The Download Manager plugin for WordPress through version 3.3.46 contains a reflected XSS vulnerability in the 'redirect_to' parameter that allows unauthenticated attackers to inject malicious scripts. An attacker can exploit this by crafting a malicious link that, when clicked by a victim, executes arbitrary JavaScript in their browser session. No patch is currently available for this vulnerability.

WordPress XSS
CVE-2026-1656 MEDIUM CVSS 5.3
Business Directory (WordPress plugin) versions up to 6.4.20. is affected by missing authorization (CVSS 5.3).

WordPress
CVE-2026-1655 MEDIUM CVSS 4.3
Authenticated users can modify WordPress posts in the EventPrime plugin (versions up to 4.2.8.4) due to missing authorization validation in the event submission function, allowing customer-level attackers to alter administrator-created events by manipulating post identifiers if they possess a valid nonce. The vulnerability requires user authentication and does not enable unauthorized access but permits unauthorized modification of existing content.

WordPress
CVE-2026-1649 MEDIUM CVSS 4.4
Stored XSS in WordPress Community Events plugin through the 'ce_venue_name' parameter allows authenticated administrators to inject malicious scripts that execute for all users viewing affected pages. The vulnerability exists in versions up to 1.5.7 due to inadequate input sanitization and output escaping, with no patch currently available.

WordPress XSS
CVE-2026-1640 MEDIUM CVSS 4.3
The Taskbuilder WordPress plugin through version 5.0.2 fails to properly authorize AJAX comment submission functions, allowing authenticated subscribers to post comments on any project or task regardless of access permissions. Attackers can exploit this to comment on private projects they cannot view and inject malicious HTML/CSS through unsanitized input parameters.

WordPress
CVE-2026-1639 MEDIUM CVSS 6.5
SQL injection in the Taskbuilder WordPress plugin through unescaped 'order' and 'sort_by' parameters allows authenticated users with subscriber-level privileges to extract sensitive database information via time-based blind SQL injection attacks. The vulnerability affects all versions up to 5.0.2 and has no available patch. Attackers can craft malicious queries to systematically retrieve confidential data from the WordPress database.

WordPress SQLi
CVE-2026-1441 MEDIUM CVSS 6.1
Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/index_sets/ endpoint where unsanitized URL parameters are echoed into HTML responses, enabling attackers to execute arbitrary JavaScript in users' browsers. An attacker can craft a malicious URL to steal session cookies, hijack user sessions, or perform unauthorized actions within the victim's Graylog interface. No patch is currently available for this vulnerability.

XSS Graylog
CVE-2026-1440 MEDIUM CVSS 6.1
Reflected XSS in Graylog Web Interface version 2.2.3 fails to properly sanitize user-supplied input in the /system/pipelines/ endpoint, enabling attackers to inject malicious JavaScript through specially crafted URLs. An attacker can execute arbitrary scripts in a victim's browser and potentially hijack user sessions when the victim visits a malicious link. No patch is currently available for this vulnerability.

XSS Graylog
CVE-2026-1439 MEDIUM CVSS 6.1
Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /alerts/ endpoint where unencoded URL parameters are reflected in HTML responses, enabling attackers to execute arbitrary JavaScript in a victim's browser through malicious links. Successful exploitation allows session hijacking and limited account manipulation when users click crafted URLs. No patch is currently available for this vulnerability.

XSS Graylog
CVE-2026-1438 MEDIUM CVSS 6.1
Graylog Web Interface 2.2.3 contains a reflected XSS vulnerability in the /system/nodes/ endpoint where unescaped URL parameters are reflected in HTML responses, enabling attackers to execute arbitrary JavaScript in a victim's browser. An attacker can craft a malicious URL to steal session credentials or manipulate user actions within the affected Graylog instance when a user clicks the link. No patch is currently available for this vulnerability.

XSS Graylog
CVE-2026-1437 MEDIUM CVSS 6.1
Reflected XSS in Graylog 2.2.3's web interface allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting malicious URLs that bypass HTML output sanitization, particularly through the user edit endpoint. An attacker can exploit this to perform session hijacking or manipulate user context with no user interaction required beyond visiting a crafted link. No patch is currently available for this vulnerability.

XSS Graylog
CVE-2026-1436 MEDIUM CVSS 6.5
Graylog 2.2.3 contains an insecure direct object reference (IDOR) vulnerability in its user API endpoint that allows authenticated users to enumerate and access other users' profiles by manipulating user IDs in requests. An attacker with valid credentials can extract sensitive information including usernames, email addresses, internal identifiers, and last activity timestamps from arbitrary user accounts. No patch is currently available for this vulnerability.

Authentication Bypass Graylog
CVE-2026-1404 MEDIUM CVSS 6.1
The Ultimate Member WordPress plugin through version 2.11.1 contains a reflected XSS vulnerability in filter parameters that lack proper input sanitization and output escaping. Unauthenticated attackers can inject malicious scripts into pages by crafting malicious links and convincing users to click them. Successful exploitation results in arbitrary JavaScript execution in the context of the affected user's browser session.

WordPress XSS
CVE-2026-1355 MEDIUM CVSS 6.5
GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.

Github Enterprise Server
CVE-2026-1344 MEDIUM CVSS 6.5
Enforce Recovery Key Portal is affected by incorrect permission assignment for critical resource (CVSS 6.5).

Privilege Escalation Enforce Recovery Key Portal
CVE-2026-1317 MEDIUM CVSS 6.5
SQL injection in the WP Import - Ultimate CSV Importer plugin for WordPress (versions up to 7.37) allows authenticated subscribers and higher-privileged users to inject malicious SQL commands through specially crafted filenames during file uploads. When the Single Import/Export feature is enabled on PHP versions below 8.0, attackers can extract sensitive database information by exploiting insufficient input validation. The vulnerability requires valid WordPress credentials but poses a medium risk due to its direct access to database contents.

WordPress PHP SQLi
CVE-2026-1304 MEDIUM CVSS 4.4
Stored Cross-Site Scripting in the Membership Plugin for WordPress versions up to 3.2.18 allows authenticated administrators to inject malicious scripts into invoice settings fields due to inadequate input sanitization. When other users access pages containing the injected code, the scripts execute in their browsers, potentially compromising their sessions or stealing sensitive data. Exploitation requires administrator-level access and no patch is currently available.

WordPress XSS
CVE-2026-1296 MEDIUM CVSS 6.1
Frontend Post Submission Manager Lite (WordPress plugin) versions up to 1.2.7 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

WordPress Open Redirect
CVE-2026-1277 MEDIUM CVSS 4.7
URL Shortify (WordPress plugin) versions up to 1.12.1 is affected by url redirection to untrusted site (open redirect) (CVSS 4.7).

WordPress Open Redirect
CVE-2026-1200 MEDIUM CVSS 6.3
Memory corruption in the rgaufman/live555 fork's `increaseBufferTo` function can be triggered by remote attackers with low privileges, causing segmentation faults and potential system instability. The vulnerability requires network access but no user interaction, affecting systems running vulnerable versions of the affected library. No patch is currently available for this issue.

Memory Corruption Redhat Suse
CVE-2026-1072 MEDIUM CVSS 4.3
Keybase.io Verification (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
CVE-2026-0665 MEDIUM CVSS 6.5
QEMU's KVM Xen guest support contains an off-by-one error in the physdev hypercall interface that allows authenticated guest users to trigger out-of-bounds heap memory access within the hypervisor process. This vulnerability can lead to denial of service through memory corruption, potentially affecting virtualized environments running QEMU with Xen guest support enabled. No patch is currently available.

Memory Corruption Denial Of Service Redhat Suse
CVE-2025-71237 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small.

Linux Buffer Overflow Linux Kernel Redhat Suse
CVE-2025-71236 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.

Linux Null Pointer Dereference Denial Of Service Microsoft Linux Kernel
CVE-2025-71235 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2025-71233 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2025-71232 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2025-71230 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2025-71229 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() rtw_core_enable_beacon() reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2025-71227 MEDIUM CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2025-71225 MEDIUM CVSS 5.3
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update is completed.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2025-70063 MEDIUM CVSS 6.5
Hospital Management System versions up to 4.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Hospital Management System
CVE-2025-70062 MEDIUM CVSS 6.5
Hospital Management System versions up to 4.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

PHP CSRF Hospital Management System
CVE-2025-69287 MEDIUM CVSS 5.4
BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. versions up to 2.0.0 contains a security vulnerability (CVSS 5.4).

Python Authentication Bypass
CVE-2025-65519 MEDIUM CVSS 6.5
mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. [CVSS 6.5 MEDIUM]

Denial Of Service Ezbookkeeping
CVE-2025-14876 MEDIUM CVSS 5.5
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. [CVSS 5.5 MEDIUM]

Denial Of Service Redhat Suse
CVE-2025-14799 MEDIUM CVSS 6.5
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription form...

WordPress PHP
CVE-2025-14444 MEDIUM CVSS 5.3
The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. [CVSS 5.3 MEDIUM]

WordPress PHP
CVE-2025-13959 MEDIUM CVSS 6.4
The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
CVE-2025-13727 MEDIUM CVSS 4.4
The Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
CVE-2025-12356 MEDIUM CVSS 4.3
The Tickera - Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. [CVSS 4.3 MEDIUM]

WordPress PHP
CVE-2025-12122 MEDIUM CVSS 6.4
The Popup Box - Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
CVE-2025-12075 MEDIUM CVSS 4.3
The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. [CVSS 4.3 MEDIUM]

WordPress PHP
CVE-2025-12074 MEDIUM CVSS 5.3
The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
CVE-2025-12071 MEDIUM CVSS 4.3
Frontend User Notes (WordPress plugin) versions up to 2.1.0 is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
CVE-2025-12037 MEDIUM CVSS 4.4
WP 404 Auto Redirect to Similar Post (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).

WordPress XSS PHP
CVE-2025-11737 MEDIUM CVSS 6.4
VK All in One Expansion Unit (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
CVE-2025-11185 MEDIUM CVSS 6.4
The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
CVE-2025-10256 MEDIUM CVSS 5.3
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. [CVSS 5.3 MEDIUM]

Null Pointer Dereference Denial Of Service Ffmpeg Redhat Suse
CVE-2025-8781 MEDIUM CVSS 4.9
The Bookster - WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]

WordPress SQLi PHP
CVE-2025-8308 MEDIUM CVSS 6.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. [CVSS 6.3 MEDIUM]

XSS
CVE-2025-7630 MEDIUM CVSS 5.3
Doruk Communication and Automation Industry and Trade Inc. Wispotter is affected by improper authentication (CVSS 5.3).

Authentication Bypass
CVE-2025-6460 MEDIUM CVSS 6.4
Display During Conditional Shortcode (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
CVE-2025-0577 MEDIUM CVSS 4.8
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. [CVSS 4.8 MEDIUM]

Information Disclosure Redhat Suse
CVE-2019-25400 MEDIUM CVSS 5.4
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, and updatesrvgrp. [CVSS 5.4 MEDIUM]

XSS Ipfire
CVE-2019-25399 MEDIUM CVSS 6.4
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. [CVSS 6.4 MEDIUM]

XSS Ipfire
CVE-2019-25398 MEDIUM CVSS 6.1
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
CVE-2019-25397 MEDIUM CVSS 6.1
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
CVE-2019-25396 MEDIUM CVSS 6.1
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. [CVSS 6.1 MEDIUM]

XSS Ipfire
CVE-2019-25356 MEDIUM CVSS 6.1
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. [CVSS 6.1 MEDIUM]

XSS
CVE-2019-25326 MEDIUM CVSS 6.2
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content. [CVSS 6.2 MEDIUM]

Denial Of Service Ippulse
CVE-2026-27171 LOW CVSS 2.9
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. [CVSS 2.9 LOW]

Information Disclosure
CVE-2026-20137 LOW CVSS 3.5
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal
CVE-2026-2662 LOW CVSS 3.3
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. [CVSS 3.3 LOW]

Buffer Overflow
CVE-2026-2661 LOW CVSS 3.3
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. [CVSS 3.3 LOW]

Buffer Overflow Heap Overflow
CVE-2026-2660 LOW CVSS 3.3
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. [CVSS 3.3 LOW]

Use After Free
CVE-2026-2659 LOW CVSS 3.3
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. [CVSS 3.3 LOW]

Buffer Overflow
CVE-2026-2657 LOW CVSS 3.3
A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. [CVSS 3.3 LOW]

Buffer Overflow Stack Overflow
CVE-2026-2656 LOW CVSS 2.5
A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. [CVSS 2.5 LOW]

Use After Free
CVE-2026-2655 LOW CVSS 2.5
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. [CVSS 2.5 LOW]

Use After Free
CVE-2026-2644 LOW CVSS 3.3
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. [CVSS 3.3 LOW]

Buffer Overflow
CVE-2026-2642 LOW CVSS 3.3
A security vulnerability has been detected in ggreer the_silver_searcher versions up to 2.2.0. is affected by improper resource shutdown or release (CVSS 3.3).

Null Pointer Dereference
CVE-2026-2641 LOW CVSS 3.3
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The ...

Denial Of Service
CVE-2026-2464 None
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service.

Windows Path Traversal
CVE-2026-2419 LOW CVSS 2.7
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. [CVSS 2.7 LOW]

WordPress Path Traversal
CVE-2026-1831 LOW CVSS 2.7
YayMail - WooCommerce Email Customizer (WordPress plugin) is affected by missing authorization (CVSS 2.7).

WordPress
CVE-2026-1582 LOW CVSS 3.7
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pa...

WordPress PHP Authentication Bypass Information Disclosure
CVE-2025-71228 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
CVE-2025-71226 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
CVE-2025-59920 None
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection.

SQLi
CVE-2025-15581 None
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Privilege Escalation
CVE-2025-15579 None
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

RCE Denial Of Service Privilege Escalation Deserialization
CVE-2025-14340 None
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

XSS
CVE-2025-13965 None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
CVE-2025-13933 None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
CVE-2025-13602 None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
CVE-2025-12812 None
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service.

SQLi
CVE-2025-12811 None
Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service.

Code Injection
CVE-2025-12343 LOW CVSS 3.3
Ffmpeg contains a vulnerability that allows attackers to a double-free condition, potentially causing FFmpeg or any application using it (CVSS 3.3).

Denial Of Service RCE Tensorflow AI / ML
CVE-2025-8860 LOW CVSS 3.3
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. [CVSS 3.3 LOW]

Information Disclosure

Today's Vulnerabilities Vulnerabilities