Skip to main content
CVE-2026-21622 CRITICAL Act Now

Insufficient session expiration in hexpm. Password reset tokens never expire, enabling persistent account takeover.

Information Disclosure Hexpm
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.1%
CVE-2026-28474 CRITICAL PATCH Act Now

Authentication bypass in OpenClaw's Nextcloud Talk plugin versions ≤2026.2.2 allows remote unauthenticated attackers to bypass DM and room allowlists by spoofing display names. Attackers can change their Nextcloud display name to match an allowlisted user ID, gaining unauthorized access to restricted conversations without authentication. EPSS score is low (0.05%, 16th percentile), indicating low observed exploitation probability. No active exploitation confirmed; vulnerability was responsibly disclosed by AISLE Research Team and patched in version 2026.2.6.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-30797 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Google Apple Information Disclosure Microsoft Android +2
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-28115 CRITICAL Act Now

SQL injection in WP Attractive Donations System WordPress plugin.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-69338 CRITICAL Act Now

Blind SQL injection in Riode Core (riode-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-70948 CRITICAL Act Now

Host header injection in @perfood/couch-auth v0.26.0 for password reset token theft.

Code Injection
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-30793 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

CSRF Privilege Escalation Authentication Bypass Google Apple +4
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-28470 CRITICAL PATCH Act Now

Exec allowlist bypass in OpenClaw before 2026.2.2 via argument injection. Patch available.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-24457 CRITICAL Act Now

Arbitrary file read in OpenMQ via configuration parsing. Can lead to full exploitation.

Path Traversal Open Message Queue
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-2418 CRITICAL Act Now

Auth bypass in Login with Salesforce WordPress plugin through 1.0.2.

WordPress Information Disclosure
NVD WPScan
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-2835 CRITICAL PATCH Act Now

HTTP request smuggling in Pingora HTTP/1.0 Transfer-Encoding handling.

Code Injection Pingora Cloudflare
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-2833 CRITICAL PATCH Act Now

HTTP request smuggling in Cloudflare Pingora HTTP/1.1 upgrade handling.

Code Injection Pingora Cloudflare
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-28114 CRITICAL Act Now

Deserialization of untrusted data in WooCommerce License Manager (fs-license-manager) WordPress theme allows PHP Object Injection, potentially enabling remote code execution through POP chains.

WordPress File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-23802 CRITICAL Act Now

Arbitrary file upload in AI Engine WordPress plugin.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-40931 CRITICAL Act Now

Insecure session ID generation in Apache::Session::Generate::MD5 through 1.94 for Perl.

Apache Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-30794 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

Apple Information Disclosure Microsoft Google Rustdesk
NVD GitHub VulDB
CVSS 4.0
9.1
EPSS
0.0%
CVE-2024-57854 CRITICAL PATCH Act Now

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

Information Disclosure Net
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27384 CRITICAL Act Now

Input quantity validation bypass in W3 Total Cache WordPress plugin.

Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-55208 CRITICAL Act Now

Stored XSS in Chamilo LMS before 1.11.34 via file uploads in Social Networks. Leads to account takeover.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-27984 CRITICAL Act Now

Code injection in Widget Options WordPress plugin.

Code Injection RCE
NVD
CVSS 3.1
9.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy