cve.li

Recent

CVE-2026-31845CWE-79

Published 2026-04-11 by TuranSec

CVE-2026-32146CWE-22

Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Published 2026-04-11 by EEF

CVE-2026-23900CWE-79

Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

Published 2026-04-11 by Joomla

CVE-2026-5809CWE-73

wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter

Published 2026-04-11 by Wordfence

CVE-2026-34621CWE-1321

Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Published 2026-04-11 by adobe

CVE-2026-3371CWE-639

Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

Published 2026-04-11 by Wordfence

CVE-2026-4979CWE-918

UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter

Published 2026-04-11 by Wordfence

CVE-2026-5144CWE-269

BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR

Published 2026-04-11 by Wordfence

CVE-2026-3498CWE-79

BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute

Published 2026-04-11 by Wordfence

CVE-2026-4895CWE-79

Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute

Published 2026-04-11 by Wordfence

Load more ↓