| CVE | Title | Date | Score |
|---|---|---|---|
| CVE-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification | 05.05.2026 | |
| CVE-2026-2729 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter | 05.05.2026 | 5.3 |
| CVE-2026-3454 | GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements | 05.05.2026 | 6.5 |
| CVE-2026-40797 | WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability | 05.05.2026 | 9.3 |
| CVE-2026-5192 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]' | 05.05.2026 | 7.5 |
| CVE-2026-6180 | PaperCut MF: Card truncation on HP readers | 05.05.2026 | |
| CVE-2026-6418 | PaperCut NG/MF: Path Traversal in Shared Account Synchronization | 05.05.2026 | |
| CVE-2026-7824 | PaperCut Hive (Ricoh): Plain text password in logs | 05.05.2026 | |
| CVE-2026-4362 | ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite | 05.05.2026 | 6.5 |
| CVE-2026-7811 | 54yyyu code-mcp MCP File server.py is_safe_path path traversal | 05.05.2026 | |
| CVE-2026-7812 | 54yyyu code-mcp MCP Tool server.py git_operation command injection | 05.05.2026 | |
| CVE-2026-7822 | itsourcecode Courier Management System print_pdets.php sql injection | 05.05.2026 | |
| CVE-2026-7823 | Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection | 05.05.2026 | |
| CVE-2026-2948 | Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl' | 05.05.2026 | 6.4 |
| CVE-2026-35228 | | 05.05.2026 | 8.7 |
| CVE-2026-3456 | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey' | 05.05.2026 | 7.5 |
| CVE-2026-4665 | WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute | 05.05.2026 | 6.4 |
| CVE-2026-4803 | Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta | 05.05.2026 | 7.2 |
| CVE-2026-5159 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter | 05.05.2026 | 6.4 |
| CVE-2026-5294 | GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action | 05.05.2026 | 9.8 |
| CVE-2026-5957 | EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter | 05.05.2026 | 6.5 |
| CVE-2026-7810 | UsamaK98 python-notebook-mcp server.py add_cell path traversal | 05.05.2026 | |
| CVE-2025-13618 | Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration | 05.05.2026 | 9.8 |
| CVE-2026-1921 | Loco Translate <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read via 'ref' Parameter | 05.05.2026 | 4.9 |
| CVE-2026-2868 | Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'separatorIconSVG' | 05.05.2026 | 6.4 |
| CVE-2026-4409 | Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management | 05.05.2026 | 6.5 |
| CVE-2026-4730 | Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'chartid' Shortcode Attribute | 05.05.2026 | 6.4 |
| CVE-2026-5100 | AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions' | 05.05.2026 | 7.5 |
| CVE-2026-5247 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode Attribute | 05.05.2026 | 5.5 |
| CVE-2026-5505 | WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 05.05.2026 | 6.4 |
| CVE-2026-6255 | Simple Owl Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Attribute | 05.05.2026 | 6.4 |
| CVE-2026-6696 | Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter | 05.05.2026 | 6.1 |
| CVE-2026-6700 | DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update | 05.05.2026 | 4.3 |
| CVE-2026-6701 | addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page | 05.05.2026 | 4.3 |
| CVE-2026-6702 | Publish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' Parameter | 05.05.2026 | 6.1 |
| CVE-2026-6704 | Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter | 05.05.2026 | 6.1 |
| CVE-2026-5722 | MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse | 05.05.2026 | 9.8 |
| CVE-2026-44028 | | 05.05.2026 | 7.5 |
| CVE-2026-44029 | | 05.05.2026 | 5.3 |
| CVE-2026-7785 | A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection | 04.05.2026 | |
| CVE-2026-7788 | Axle-Bucamp MCP-Docusaurus document.py get_content path traversal | 05.05.2026 | |
| CVE-2026-7784 | RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal | 04.05.2026 | |
| CVE-2026-7783 | CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection | 04.05.2026 | |
| CVE-2026-7781 | Open5GS amf-3gpp-access Endpoint nudm-handler.c udm_nudm_uecm_handle_amf_registration_update denial of service | 04.05.2026 | |
| CVE-2026-7782 | CodeCanyon Perfex CRM Tenant Clients.php project authorization | 04.05.2026 | |
| CVE-2026-7780 | Open5GS smf-registrations Endpoint udm-sm.c udm_state_operational denial of service | 04.05.2026 | |
| CVE-2026-7791 | | 04.05.2026 | 7.8 |
| CVE-2026-7776 | Boundary Workers Vulnerable to Denial of Service During TLS Handshake | 04.05.2026 | 7.5 |
| CVE-2026-7779 | Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service | 04.05.2026 | |
| CVE-2026-42220 | nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback | 04.05.2026 | 6.5 |
| CVE-2026-42221 | nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | 04.05.2026 | 8.1 |
| CVE-2026-42222 | nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | 04.05.2026 | 8.1 |
| CVE-2026-42223 | nginx-ui: Settings API Exposes Protected Secrets | 04.05.2026 | 6.5 |
| CVE-2026-42238 | Unauthenticated Remote Code Execution via Backup Restore in nginx-ui | 04.05.2026 | |
| CVE-2026-34882 | | 04.05.2026 | |
| CVE-2026-41927 | WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi | 04.05.2026 | |
| CVE-2026-6321 | fast-uri vulnerable to path traversal via percent-encoded dot segments | 04.05.2026 | 7.5 |
| CVE-2025-67796 | | 04.05.2026 | |
| CVE-2026-41922 | WDR201A WiFi Extender OS Command Injection via wireless.cgi | 04.05.2026 | |
| CVE-2026-41923 | WDR201A WiFi Extender OS Command Injection via internet.cgi | 04.05.2026 | |
| CVE-2026-41924 | WDR201A WiFi Extender OS Command Injection via makeRequest.cgi | 04.05.2026 | |
| CVE-2026-41925 | WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time) | 04.05.2026 | |
| CVE-2026-41926 | WDR201A WiFi Extender OS Command Injection via firewall.cgi | 04.05.2026 | |
| CVE-2026-7768 | @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth | 04.05.2026 | 7.5 |
| CVE-2026-25863 | Conditional Fields for Contact Form 7 < 2.7.3 DoS via Uncontrolled Resource Consumption | 04.05.2026 | |
| CVE-2026-38751 | | 04.05.2026 | |
| CVE-2026-41686 | Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool | 04.05.2026 | |
| CVE-2026-42151 | Prometheus Azure AD remote write OAuth client secret exposed via config API | 04.05.2026 | 7.5 |
| CVE-2026-42154 | Prometheus: remote read endpoint allows denial of service via crafted snappy payload | 04.05.2026 | 7.5 |
| CVE-2026-42226 | n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay | 04.05.2026 | |
| CVE-2026-42227 | n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure | 04.05.2026 | |
| CVE-2026-42228 | n8n: Hijacking of Unauthenticated Chat Execution | 04.05.2026 | |
| CVE-2026-42229 | n8n: SQL Injection in SeaTable Node | 04.05.2026 | |
| CVE-2026-42230 | n8n: Open Redirect in MCP OAuth Consent Flow | 04.05.2026 | |
| CVE-2026-42231 | n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE | 05.05.2026 | |
| CVE-2026-42232 | n8n: XML Node Prototype Pollution to RCE | 05.05.2026 | |
| CVE-2026-42233 | n8n: SQL Injection in Oracle Database Node via Limit Field | 04.05.2026 | |
| CVE-2026-42234 | n8n: Python Task Runner Sandbox Escape | 05.05.2026 | |
| CVE-2026-42235 | n8n: XSS via MCP OAuth client | 04.05.2026 | |
| CVE-2026-42236 | n8n: Unauthenticated Denial of Service via MCP Client Registration | 04.05.2026 | |
| CVE-2026-42237 | n8n: SQL Injection in Snowflake and MySQL Nodes | 04.05.2026 | |
| CVE-2026-43964 | | 04.05.2026 | 3.7 |
| CVE-2026-0073 | | 05.05.2026 | |
| CVE-2026-29004 | BusyBox DHCPv6 Client Heap Buffer Overflow via DNS_SERVERS | 04.05.2026 | |
| CVE-2026-2828 | | 04.05.2026 | |
| CVE-2026-41571 | Note Mark: OIDC-registered users authenticated by submitting password "null" | 04.05.2026 | 9.4 |
| CVE-2026-41572 | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books | 04.05.2026 | 5.3 |
| CVE-2026-42144 | CImg Library: Integer overflow in PNM size check bypasses memory guard (_load_pnm) | 04.05.2026 | 6.1 |
| CVE-2026-42146 | CImg Library: Uncontrolled memory allocation via nb_colors field in _load_bmp | 04.05.2026 | 5.5 |
| CVE-2026-32834 | Easy PayPal Events & Tickets 1.3 Authentication Bypass via QR Code Scanning | 04.05.2026 | |
| CVE-2026-37459 | | 04.05.2026 | |
| CVE-2026-41471 | Easy PayPal Events & Tickets 1.3 Information Disclosure via QR Code Endpoint | 04.05.2026 | |
| CVE-2026-42052 | beets is Vulnerable to XSS | 04.05.2026 | |
| CVE-2026-42084 | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | 04.05.2026 | 8.1 |
| CVE-2026-42085 | OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames | 04.05.2026 | 4.3 |
| CVE-2026-42086 | OpenC3 COSMOS: Self-XSS in the Command Sender | 04.05.2026 | 4.6 |
| CVE-2026-42087 | OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base | 04.05.2026 | 9.6 |
| CVE-2026-42088 | OpenC3 COSMOS: Administrative Actions via the Script Runner Tool | 04.05.2026 | 9.6 |
| CVE-2026-42091 | goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS | 04.05.2026 | 6.5 |
| CVE-2026-42092 | Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra | 04.05.2026 | 6.5 |
| CVE-2026-42138 | Dify Vulnerable to Stored XSS via SVG-file upload | 04.05.2026 | |
| CVE-2026-42140 | Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter | 04.05.2026 | 4.4 |
| CVE-2026-42796 | Arelle < 2.39.10 Unauthenticated RCE via /rest/configure | 04.05.2026 | |
| CVE-2026-43616 | Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write | 04.05.2026 | |
| CVE-2025-47401 | Buffer Over-read in WLAN HAL | 04.05.2026 | 6.5 |
| CVE-2025-47403 | Buffer Over-read in WLAN Firmware | 04.05.2026 | 6.5 |
| CVE-2025-47404 | Buffer Copy Without Checking Size of Input in Automotive Audio | 04.05.2026 | 6.5 |
| CVE-2025-47405 | Untrusted Pointer Dereference in Camera | 05.05.2026 | 7.8 |
| CVE-2025-47406 | Buffer Over-read in DSP Service | 04.05.2026 | 6.1 |
| CVE-2025-47407 | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service | 05.05.2026 | 7.8 |
| CVE-2025-47408 | Untrusted Pointer Dereference in Power Optimization Firmware | 05.05.2026 | 7.8 |
| CVE-2026-24082 | Use After Free in Automotive GPU | 05.05.2026 | 7.8 |
| CVE-2026-24118 | VM2 Sandbox Breakout Through __lookupGetter__ | 04.05.2026 | 9.8 |
| CVE-2026-24120 | vm2: Sandbox Breakout Through Promise Species | 05.05.2026 | 9.8 |
| CVE-2026-24781 | vm2: Sandbox Breakout Through Inspect | 04.05.2026 | 9.8 |
| CVE-2026-25266 | Exposed dangerous function in windows host | 04.05.2026 | 5.5 |
| CVE-2026-25293 | Incorrect authorization in PLC FW | 05.05.2026 | 9.6 |
| CVE-2026-26332 | vm2: Sandbox Escape | 04.05.2026 | 9.8 |
| CVE-2026-26956 | vm2: WASM Sandbox Escape (Node 25 only) | 04.05.2026 | 9.8 |
| CVE-2026-40682 | Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor | 04.05.2026 | |
| CVE-2026-42027 | Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader | 04.05.2026 | |
| CVE-2026-42075 | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write | 04.05.2026 | 8.1 |
| CVE-2026-42076 | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | 04.05.2026 | 9.8 |
| CVE-2026-42077 | Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations | 04.05.2026 | 5.2 |
| CVE-2026-42078 | PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image | 04.05.2026 | 4.6 |
| CVE-2026-42079 | PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope | 04.05.2026 | 8.6 |
| CVE-2026-42080 | PPTAgent: Arbitrary File Write via `save_generated_slides` | 04.05.2026 | 4.6 |
| CVE-2026-42090 | Notesnook: RCE via stored XSS in note export rendering | 05.05.2026 | 9.6 |
| CVE-2026-42440 | Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader | 04.05.2026 | |
| CVE-2026-42810 | Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names | 04.05.2026 | |
| CVE-2026-42811 | Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions | 04.05.2026 | |
| CVE-2026-29514 | NetBox 4.3.5 - 4.5.4 RCE via RenderTemplateMixin | 04.05.2026 | |
| CVE-2026-37461 | | 04.05.2026 | |
| CVE-2026-38669 | | 04.05.2026 | |
| CVE-2026-42372 | D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 8.8 |
| CVE-2026-42373 | D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42374 | D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42375 | D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42376 | D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials | 04.05.2026 | 9.8 |
| CVE-2026-42809 | Apache Polaris: staged table creation could vend storage credentials for unvalidated locations | 04.05.2026 | |
| CVE-2026-42812 | Apache Polaris: No protection on `write.metadata.path` | 04.05.2026 | |
| CVE-2025-70071 | | 04.05.2026 | |
| CVE-2026-36365 | | 04.05.2026 | |
| CVE-2026-37458 | | 04.05.2026 | |
| CVE-2026-40563 | Apache Atlas: Script injection allows access to unintended data | 04.05.2026 | |
| CVE-2025-13605 | Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway | 04.05.2026 | |
| CVE-2025-70070 | | 04.05.2026 | |
| CVE-2025-70072 | | 04.05.2026 | |
| CVE-2026-23918 | Apache HTTP Server: http2: double free and possible RCE on early reset | 05.05.2026 | |
| CVE-2026-29169 | Apache HTTP Server: mod_dav_lock indirect lock crash | 04.05.2026 | |
| CVE-2026-33006 | Apache HTTP Server: mod_auth_digest timing attack | 04.05.2026 | |
| CVE-2026-33007 | Apache HTTP Server: mod_authn_socache crash | 04.05.2026 | |
| CVE-2026-33523 | Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line | 04.05.2026 | |
| CVE-2026-6500 | | 04.05.2026 | |
| CVE-2026-6501 | | 04.05.2026 | |
| CVE-2025-70067 | | 04.05.2026 | |
| CVE-2025-70069 | | 04.05.2026 | |
| CVE-2026-31205 | | 04.05.2026 | 5.7 |
| CVE-2026-4928 | | 04.05.2026 | |
| CVE-2026-6266 | Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking | 05.05.2026 | |
| CVE-2026-6499 | | 04.05.2026 | |
| CVE-2025-58074 | | 04.05.2026 | 8.8 |
| CVE-2026-33857 | Apache HTTP Server: Off-by-one OOB reads in AJP getter functions | 04.05.2026 | |
| CVE-2026-34032 | Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) | 04.05.2026 | |
| CVE-2026-24072 | Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr | 05.05.2026 | |
| CVE-2026-34059 | Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() | 04.05.2026 | |
| CVE-2026-7482 | Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers | 04.05.2026 | 9.1 |
| CVE-2026-3120 | RCE in Profelis Informatics' SambaBox | 04.05.2026 | 7.2 |