Skip to main content
CVE-2026-32774 MEDIUM PATCH This Month

A cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts (CVSS 6.4) that allows attackers. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

XSS Vulnogram
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4179 MEDIUM This Month

The STM32 USB device driver in Zephyr contains a logic error that can trigger an infinite loop, allowing a local attacker with user-level privileges to cause a denial of service by halting system responsiveness. No patch is currently available for this medium-severity defect that affects the USB subsystem's operational stability.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1870 MEDIUM This Month

The Thim Kit for Elementor plugin for WordPress versions up to 1.3.7 allows unauthenticated attackers to access private and draft LearnPress course content through an improperly secured REST API endpoint that accepts arbitrary post status parameters. The vulnerability stems from missing input validation on the 'thim-ekit/archive-course/get-courses' endpoint, enabling information disclosure to any remote attacker without authentication or user interaction. No patch is currently available for this medium-severity flaw affecting WordPress installations using the vulnerable plugin.

WordPress Authentication Bypass Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1948 MEDIUM This Month

The NEX-Forms Ultimate Forms Plugin for WordPress contains a missing capability check vulnerability in the deactivate_license() function, allowing authenticated attackers with Subscriber-level privileges to deactivate the plugin license without proper authorization. This authorization bypass affects all versions up to and including 9.1.9 and has a CVSS score of 4.3 (Low severity), indicating limited direct impact but meaningful privilege escalation concerns for multi-user WordPress installations.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy