CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2021-47923 OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie 10.05.2026 9.3
CVE-2021-47932 WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated 10.05.2026 9.3
CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload 10.05.2026 9.3
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload 10.05.2026 9.3
CVE-2021-47940 WordPress Download From Files 1.48 Arbitrary File Upload 10.05.2026 9.3
CVE-2026-6722 Use-After-Free in SOAP using Apache map 10.05.2026 9.5
CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe 09.05.2026 9.4
CVE-2026-42571 Privilege Escalation Attack affecting Pelican Web UI 09.05.2026 9
CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView 09.05.2026 9.3
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation 09.05.2026 9.1
CVE-2026-44313 LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function 08.05.2026 9.1
CVE-2026-42354 Sentry: Improper authentication on SAML SSO process allows user identity linking 08.05.2026 9.1
CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints 08.05.2026 9.9
CVE-2026-42298 Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev 08.05.2026 10
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox 08.05.2026 9.8
CVE-2026-42287 Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions 08.05.2026 10
CVE-2026-42193 Plunk: SNS webhook forgery 08.05.2026 9.1
CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend 08.05.2026 10
CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver 08.05.2026 9.2
CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access 08.05.2026 9.8
CVE-2026-41070 openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access 08.05.2026 10
CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass 08.05.2026 9.3
CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling 08.05.2026 9.3
CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification 08.05.2026 9.2
CVE-2026-41588 RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() 08.05.2026 9
CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer 08.05.2026 9.3
CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops 08.05.2026 9.2
CVE-2026-43376 ksmbd: fix use-after-free by using call_rcu() for oplock_info 11.05.2026 9.8
CVE-2026-43379 ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() 11.05.2026 9.8
CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time 11.05.2026 9.4
CVE-2026-43384 net/tcp-ao: Fix MAC comparison to be constant-time 11.05.2026 9.8
CVE-2026-43402 kthread: consolidate kthread exit paths to prevent use-after-free 11.05.2026 9.8
CVE-2026-43406 libceph: prevent potential out-of-bounds reads in process_message_header() 11.05.2026 9.1
CVE-2026-43407 libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() 11.05.2026 9.1
CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free 11.05.2026 9.8
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ 11.05.2026 9.8
CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI 08.05.2026 9.8
CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen 08.05.2026 9.8
CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService` 08.05.2026 9.9
CVE-2026-43341 net/ipv6: ioam6: prevent schema length wraparound in trace fill 11.05.2026 9.8
CVE-2026-44126 Insecure deserialization 08.05.2026 9.2
CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection 08.05.2026 9.4
CVE-2026-43304 libceph: define and enforce CEPH_MAX_KEY_LEN 11.05.2026 9.8
CVE-2026-44125 Missing Authorization in GINAv2 08.05.2026 9.3
CVE-2026-44128 Unauthenticated Remote Code Execution 08.05.2026 9.3
CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi 08.05.2026 9.2
CVE-2026-8076 Weak credentials vulnerability in the CashDro 3 web administration panel 08.05.2026 9.3
CVE-2026-8153 Command injection in Dashboard Server interface 08.05.2026 9.8
CVE-2026-6213 Remote Spark SparkView RCE 08.05.2026 10
CVE-2026-41500 electerm has Command Injection Vulnerability via runMac function 08.05.2026 9.8
CVE-2026-41501 electerm has Command Injection Vulnerability via runLinux function 08.05.2026 9.8
CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification 09.05.2026 9.3
CVE-2026-43941 Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click 08.05.2026 9.6
CVE-2026-43944 electerm: dangerous code can be run through links or command line 08.05.2026 9.4
CVE-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction 08.05.2026 9.6
CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability 09.05.2026 9.9
CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability 08.05.2026 9.6
CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability 09.05.2026 9
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability 09.05.2026 9.6
CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability 09.05.2026 10
CVE-2026-7891 08.05.2026 9.3
CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks 08.05.2026 9.1
CVE-2026-7414 Hardcoded credentials in Yarbo robot firmware 07.05.2026 9.8
CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware 07.05.2026 9.8
CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write 07.05.2026 9.6
CVE-2026-6795 Open Redirect in DivvyDrive Information Technologies' DivvyDrive 07.05.2026 9.6
CVE-2026-6508 RCE in TUBITAK BILGEM's Liderahenk 07.05.2026 9.8
CVE-2026-33587 Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) 07.05.2026 9.2
CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE 07.05.2026 9.3
CVE-2026-40982 10.05.2026 9.1
CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 07.05.2026 9.1
CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE 07.05.2026 9.4
CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE 07.05.2026 9.4
CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values 07.05.2026 10
CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route 07.05.2026 9.2
CVE-2026-43578 OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade 07.05.2026 9.1
CVE-2026-43581 OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding 07.05.2026 9
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution 07.05.2026 9.2
CVE-2026-44109 OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation 07.05.2026 9.2
CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload 07.05.2026 9.4
CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin 08.05.2026 9.2
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database 06.05.2026 9
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API 06.05.2026 9.4
CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling 07.05.2026 9.3
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree 08.05.2026 9.8
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation() 08.05.2026 9.8
CVE-2026-43186 ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() 08.05.2026 9.8
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated 08.05.2026 9.1
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock() 08.05.2026 9.8
CVE-2026-43208 net: do not pass flow_id to set_rps_cpu() 08.05.2026 9.8
CVE-2026-43083 net: ioam6: fix OOB and missing lock 08.05.2026 9.1
CVE-2026-43114 netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry 08.05.2026 9.4
CVE-2026-43117 btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() 08.05.2026 9.1
CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly 07.05.2026 9.3
CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed 06.05.2026 9.3
CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed 06.05.2026 9.3
CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API 06.05.2026 9.3
CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution 05.05.2026 9.4
CVE-2026-34084 PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load 05.05.2026 9.2
CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account 06.05.2026 9.8
CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow 06.05.2026 9.3
CVE-2026-7853 D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow 05.05.2026 9.3
CVE-2026-43067 ext4: handle wraparound when searching for blocks for indirect mapped blocks 08.05.2026 9.8
CVE-2026-43071 dcache: Limit the minimal number of bucket to two 08.05.2026 9.1
CVE-2026-7411 06.05.2026 10
CVE-2026-7834 EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow 05.05.2026 9.3
CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution 05.05.2026 9.3
CVE-2023-54344 Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console 05.05.2026 9.3
CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events 06.05.2026 9.3
CVE-2026-43566 OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events 05.05.2026 9.1
CVE-2026-40797 WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability 05.05.2026 9.3
CVE-2026-7823 Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection 05.05.2026 9.3
CVE-2026-5294 GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action 06.05.2026 9.8
CVE-2025-13618 Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration 05.05.2026 9.8
CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse 05.05.2026 9.8
CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui 05.05.2026 9
CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi 08.05.2026 9.3
CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi 08.05.2026 9.3
CVE-2026-41924 WDR201A WiFi Extender OS Command Injection via makeRequest.cgi 08.05.2026 9.3
CVE-2026-41925 WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time) 08.05.2026 9.3
CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi 08.05.2026 9.3
CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE 05.05.2026 9.4
CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE 05.05.2026 9.4
CVE-2026-41571 Note Mark: OIDC-registered users authenticated by submitting password "null" 04.05.2026 9.4
CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base 05.05.2026 9.6
CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool 04.05.2026 9.6
CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure 04.05.2026 9.2
CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__ 04.05.2026 9.8
CVE-2026-24120 vm2: Sandbox Breakout Through Promise Species 05.05.2026 9.8
CVE-2026-24781 vm2: Sandbox Breakout Through Inspect 04.05.2026 9.8
CVE-2026-25293 Incorrect authorization in PLC FW 05.05.2026 9.6
CVE-2026-26332 vm2: Sandbox Escape 04.05.2026 9.8
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only) 05.05.2026 9.8
CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution 05.05.2026 9.8
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering 05.05.2026 9.6
CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names 04.05.2026 9.4
CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions 04.05.2026 9.4
CVE-2026-42373 D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42375 D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42376 D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials 04.05.2026 9.8
CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations 04.05.2026 9.4
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path` 04.05.2026 9.4
CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway 04.05.2026 9.3

Latest Updates

CVE Title Updated Score
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present 11.05.2026
CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely 11.05.2026
CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets 11.05.2026 5.3
CVE-2026-6433 Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE 11.05.2026
CVE-2026-8275 bettercap zerogod IPP Service zerogod_ipp_primitives.go ippReadChunkedBody integer coercion 11.05.2026
CVE-2026-8276 bettercap MySQL Server mysql_server.go integer coercion 11.05.2026
CVE-2026-8269 Open5GS SMF smf_nsmf_handle_create_sm_context denial of service 11.05.2026
CVE-2026-8270 Open5GS SMF ogs_nas_parse_qos_rules denial of service 11.05.2026
CVE-2026-8271 D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection 11.05.2026
CVE-2026-8272 D-Link DNS-320 webfile_mgr.cgi chown os command injection 11.05.2026
CVE-2026-8273 D-Link DNS-320 system_mgr.cgi cgi_merge_user os command injection 11.05.2026
CVE-2026-8274 npitre cramfs-tools Directory cramfsck.c do_directory path traversal 11.05.2026
CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection 11.05.2026
CVE-2026-8265 Tenda AC6 httpd getLogFile get_log_file os command injection 11.05.2026
CVE-2026-8266 Open5GS SMF gsm-build.c gsm_build_pdu_session_establishment_accept denial of service 11.05.2026
CVE-2026-8267 Open5GS SMF smf_nsmf_handle_created_data_in_vsmf denial of service 11.05.2026
CVE-2026-8268 Open5GS SMF OpenAPI_list_create denial of service 11.05.2026
CVE-2026-8261 Squirrel sqobject.cpp Load heap-based overflow 11.05.2026
CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting 11.05.2026
CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection 11.05.2026
CVE-2026-8256 Devs Palace ERP Online mr-save cross site scripting 11.05.2026
CVE-2026-8257 WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion 11.05.2026
CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow 11.05.2026
CVE-2026-8259 Tenda AC6 httpd telnet os command injection 11.05.2026
CVE-2026-8260 D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow 11.05.2026
CVE-2026-8255 Devs Palace ERP Online add_new_customer cross site scripting 11.05.2026
CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting 10.05.2026
CVE-2026-8252 Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference 10.05.2026
CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting 10.05.2026
CVE-2026-8251 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service 10.05.2026
CVE-2026-8249 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service 10.05.2026
CVE-2026-8250 Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service 10.05.2026
CVE-2026-8248 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service 10.05.2026
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences 11.05.2026
CVE-2026-45180 Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids 10.05.2026
CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass 10.05.2026
CVE-2026-45191 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass 10.05.2026
CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses 10.05.2026
CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets 10.05.2026
CVE-2021-47910 WordPress Plugin AccessPress Social Icons 1.8.2 Stored XSS 10.05.2026
CVE-2021-47922 WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS 10.05.2026
CVE-2021-47923 OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie 10.05.2026
CVE-2021-47924 WordPress Plugin Ultimate Product Catalog 5.8.2 Stored XSS via price 10.05.2026
CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting 10.05.2026
CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS 10.05.2026
CVE-2021-47927 WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name 10.05.2026
CVE-2021-47928 OpenCart TMD Vendor System 3.x Blind SQL Injection via product route 10.05.2026
CVE-2021-47929 WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS 10.05.2026
CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated 10.05.2026
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication 10.05.2026
CVE-2021-47932 WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated 10.05.2026
CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload 10.05.2026
CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization 10.05.2026
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload 10.05.2026
CVE-2021-47937 e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload 10.05.2026
CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks 10.05.2026
CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation 10.05.2026
CVE-2021-47940 WordPress Download From Files 1.48 Arbitrary File Upload 10.05.2026
CVE-2021-47941 WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params 10.05.2026
CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution via File Upload 10.05.2026
CVE-2021-47944 memono Notepad 4.2 Denial of Service via Buffer Overflow 10.05.2026
CVE-2021-47945 Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation 10.05.2026
CVE-2021-47946 OpenCart 3.0.36 Account Takeover via Cross Site Request Forgery 10.05.2026
CVE-2021-47947 Projectsend r1295 Stored Cross-Site Scripting via files-edit.php 10.05.2026
CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text 10.05.2026
CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack 10.05.2026
CVE-2021-47950 Advanced Guestbook 2.4.4 Persistent XSS via Smilies 10.05.2026
CVE-2021-47951 WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL 10.05.2026
CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password 10.05.2026
CVE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php 10.05.2026
CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php 10.05.2026
CVE-2022-50945 WordPress 3dady Real-Time Web Stats 1.0 Stored XSS 10.05.2026
CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS 10.05.2026
CVE-2022-50947 WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS 10.05.2026
CVE-2022-50948 Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting 10.05.2026
CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS 10.05.2026
CVE-2022-50954 WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion 10.05.2026
CVE-2022-50955 WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery 10.05.2026
CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 Local File Read 10.05.2026
CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS 10.05.2026
CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php 10.05.2026
CVE-2022-50959 WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php 10.05.2026
CVE-2022-50960 WordPress International Sms Contact Form 7 Integration 1.2 XSS 10.05.2026
CVE-2022-50961 WordPress Plugin IP2Location Country Blocker 2.26.7 Stored XSS 10.05.2026
CVE-2022-50962 uBidAuction 2.0.1 myOrders Reflected XSS 10.05.2026
CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS 10.05.2026
CVE-2022-50964 uBidAuction 2.0.1 myAuctions loose Reflected XSS 10.05.2026
CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS 10.05.2026
CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS 10.05.2026
CVE-2022-50967 uBidAuction 2.0.1 tickets manage Reflected XSS 10.05.2026
CVE-2022-50968 uBidAuction 2.0.1 auctions manage Reflected XSS 10.05.2026
CVE-2022-50969 uBidAuction 2.0.1 mailingLog manage Reflected XSS 10.05.2026
CVE-2022-50970 WordPress Plugin AAWP 3.16 Reflected XSS via tab Parameter 10.05.2026