CVE-2026-39695 - Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Reque

CVE-2026-39694 - Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appoint

CVE-2026-39693 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39692 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39691 - Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto

CVE-2026-39690 - Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows E

CVE-2026-39689 - Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploitin

CVE-2026-39688 - Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exp

CVE-2026-39687 - Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-dat

CVE-2026-39686 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersk

CVE-2026-39685 - Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Inco

CVE-2026-39684 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39683 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39682 - Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploi

CVE-2026-39681 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39680 - Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculat

CVE-2026-39679 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39678 - Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Expl

CVE-2026-39677 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39676 - Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting

CVE-2026-39675 - Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiti

CVE-2026-39674 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39673 - Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorre

CVE-2026-39672 - Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discoun

CVE-2026-39671 - Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-co

CVE-2026-39670 - Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview a

CVE-2026-39669 - Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Con

CVE-2026-39668 - Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woo

CVE-2026-39667 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39666 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39665 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39664 - Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly C

CVE-2026-39663 - Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allo

CVE-2026-39662 - Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product

CVE-2026-39660 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39659 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39658 - Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-fi

CVE-2026-39657 - Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploitin

CVE-2026-39656 - Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploit

CVE-2026-39654 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39653 - Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-confere

CVE-2026-39652 - Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploitin

CVE-2026-39651 - Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting I

CVE-2026-39650 - Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allo

CVE-2026-39649 - Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrect

CVE-2026-39648 - Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly

CVE-2026-39647 - Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podca

CVE-2026-39646 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39645 - Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce globa

CVE-2026-39644 - Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploitin

CVE-2026-39643 - Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntp

CVE-2026-39641 - Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site

CVE-2026-39640 - Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Cod

CVE-2026-39639 - Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allow

CVE-2026-39638 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39637 - Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured A

CVE-2026-39636 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39635 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cr

CVE-2026-39634 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows

CVE-2026-39633 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows

CVE-2026-39632 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site

CVE-2026-39631 - Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiti

CVE-2026-39630 - Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Se

CVE-2026-39629 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39628 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39627 - Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Ac

CVE-2026-39626 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39625 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet

CVE-2026-39624 - Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Conf

CVE-2026-39623 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39622 - Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting In

CVE-2026-39621 - Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a

CVE-2026-39620 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Up

CVE-2026-39619 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a

CVE-2026-39618 - Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Requ

CVE-2026-39617 - Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cros

CVE-2026-39616 - Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments down

CVE-2026-39615 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39614 - Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exp

CVE-2026-39613 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39612 - Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Co

CVE-2026-39611 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39610 - Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorr

CVE-2026-39609 - Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrect

CVE-2026-39608 - Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exp

CVE-2026-39607 - Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly

CVE-2026-39606 - Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectl

CVE-2026-39605 - Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiti

CVE-2026-39604 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39603 - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography all

CVE-2026-39602 - Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting In

CVE-2026-39592 - Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows

CVE-2026-39588 - Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-an

CVE-2026-39586 - Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer

CVE-2026-39585 - Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured A

CVE-2026-39575 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39572 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeop

CVE-2026-39571 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic

CVE-2026-39570 - Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting Li

CVE-2026-39569 - Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allo

CVE-2026-39566 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designin

CVE-2026-39565 - Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploit

CVE-2026-39564 - Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo

CVE-2026-39563 - Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Inc

CVE-2026-39562 - Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices

CVE-2026-39561 - Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Co

CVE-2026-39544 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39543 - Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Config

CVE-2026-39542 - Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommer

CVE-2026-39541 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39538 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-39536 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill

CVE-2026-39535 - Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api

CVE-2026-39528 - Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting

CVE-2026-39526 - Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows

CVE-2026-39521 - Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allow

CVE-2026-39520 - Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured

CVE-2026-39517 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39516 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH

CVE-2026-39510 - Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final

CVE-2026-39509 - Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C

CVE-2026-39508 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39506 - Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting In

CVE-2026-39505 - Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod

CVE-2026-39504 - Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Inc

CVE-2026-39501 - Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploitin

CVE-2026-39500 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39497 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39496 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39495 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39488 - Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Conf

CVE-2026-39487 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39486 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39485 - Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploi

CVE-2026-39484 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hi

CVE-2026-39483 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39482 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-39479 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39477 - Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorr

CVE-2026-39476 - Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting

CVE-2026-39475 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39473 - Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History sim

CVE-2026-39469 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softacul

CVE-2026-39466 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-39464 - Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction &

CVE-2026-33088 - Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an a

CVE-2026-25776 - Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an a

CVE-2026-1396 - The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-4655 - The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-4654 - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Inse

CVE-2026-4483 - An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utili

CVE-2026-4330 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat

CVE-2026-5508 - The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wow

CVE-2026-5506 - The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` s

CVE-2026-5169 - The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-5167 - The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vul

CVE-2026-4871 - The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-4808 - The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads d

CVE-2026-4338 - The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowe

CVE-2026-4141 - The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-3781 - The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' para

CVE-2026-3618 - The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-3594 - The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in

CVE-2026-3535 - The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to m

CVE-2026-3480 - The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to an

CVE-2026-3477 - The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-3142 - The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored C

CVE-2026-2838 - The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2025-1794 - The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded S

CVE-2026-5083 - Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is gen

CVE-2026-5082 - Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure sessi

CVE-2026-3311 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom

CVE-2026-33273 - Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If

CVE-2026-27787 - Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is

CVE-2026-24913 - SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exp

CVE-2026-4785 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-4341 - The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri

CVE-2026-4333 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-4299 - The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-4003 - The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User

CVE-2026-3646 - The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authoriz

CVE-2026-3600 - The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-annou

CVE-2026-3513 - The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2026-3239 - The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2026-4379 - The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `g

CVE-2026-2988 - The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'po

CVE-2026-5726 - ASDA-Soft Stack-based Buffer Overflow Vulnerability

CVE-2026-1163 - An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. Th

CVE-2026-3499 - The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPres

CVE-2026-3296 - The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,

CVE-2026-33810 - When verifying a certificate chain containing excluded DNS constraints, these constraints are not co

CVE-2026-32289 - Context was not properly tracked across template branches for JS template literals, leading to possi

CVE-2026-32288 - tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive con

CVE-2026-32283 - If one side of the TLS connection sends multiple key update messages post-handshake in a single reco

CVE-2026-32282 - On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in pro

CVE-2026-32281 - Validating certificate chains which use policies is unexpectedly inefficient when certificates in th

CVE-2026-32280 - During chain building, the amount of work that is done is not correctly limited when a large number

CVE-2026-27144 - The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface

CVE-2026-27143 - Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. A

CVE-2026-27140 - SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrar

CVE-2025-14732 - The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to

CVE-2026-4788 - IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that co

CVE-2026-3357 - IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbit

CVE-2026-1346 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-1343 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-5747 - An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.

CVE-2026-4406 - The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form

CVE-2026-4401 - The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `action

CVE-2026-4394 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit C

CVE-2026-2263 - The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to

CVE-2026-1342 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-4656 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-39936 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-39935 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2025-20628 - An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Id

CVE-2026-4065 - The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of dat

CVE-2026-39937 - Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia

CVE-2026-39934 - Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Med

CVE-2026-39933 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-39847 - Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, th

CVE-2026-39846 - SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another

CVE-2026-35568 - MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0

CVE-2026-35406 - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a t

CVE-2026-34781 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C

CVE-2026-34765 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C

CVE-2026-34582 - Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed App

CVE-2026-34580 - Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known ha

CVE-2026-34371 - LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name fie

CVE-2026-34079 - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching f

CVE-2026-34078 - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak p

CVE-2026-31790 - Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can

CVE-2026-31789 - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a

CVE-2026-28390 - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientIn

CVE-2026-28389 - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a

CVE-2026-28388 - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL po

CVE-2026-28387 - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication

CVE-2026-28386 - Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VA

CVE-2026-39401 - Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.11

CVE-2026-39400 - Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.11

CVE-2026-39397 - @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior

CVE-2026-35533 - mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mis

CVE-2026-34080 - xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerabi

CVE-2026-34045 - Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an

CVE-2026-33439 - Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatf

CVE-2026-32712 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter

CVE-2026-29181 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value bagga

CVE-2026-27949 - Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified i

CVE-2026-5741 - A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is t

CVE-2026-5739 - A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the funct

CVE-2026-3566 - Rejected reason: After further discussion, the issue was determined to not meet the criteria for CVE