Recent
Published 2026-05-13 by jpcert
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Published 2026-05-13 by HITVAN
Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
Published 2026-05-13 by Google
Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
Published 2026-05-13 by Wordfence
ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure
Published 2026-05-13 by Wordfence
JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter
Published 2026-05-13 by Wordfence
Published 2026-05-13 by jpcert
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Published 2026-05-13 by Wordfence
Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter
Published 2026-05-13 by Wordfence
Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute
Published 2026-05-13 by Wordfence
Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure
Published 2026-05-13 by Wordfence
Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published 2026-05-13 by Wordfence
Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter
Published 2026-05-13 by Wordfence
coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field
Published 2026-05-13 by Wordfence
Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation
Published 2026-05-13 by Wordfence
Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
Published 2026-05-13 by Wordfence
SQL Injection Vulnerability
Published 2026-05-13 by CSA
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators
Published 2026-05-13 by mongodb
Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
Published 2026-05-13 by mongodb
Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
Published 2026-05-13 by mongodb
Schema validation log messages may not redact user data
Published 2026-05-13 by mongodb
Post-auth memory exhaustion via bitwise match expressions
Published 2026-05-13 by mongodb
FlatBSON Duplicate Field Index Drift
Published 2026-05-12 by mongodb
Flowsint: Broken Access Control allows modification of investigation metadata from any user
Published 2026-05-12 by GitHub_M
Flowsint: Cypher query injection in node type on node creation
Published 2026-05-12 by GitHub_M
Flowsint: Stored XSS on map node marker in map page
Published 2026-05-12 by GitHub_M
Flowsint: Broken Access Control allows reading of sketch logs from any user
Published 2026-05-12 by GitHub_M
Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component
Published 2026-05-12 by GitHub_M
Warpgate: SSO CSRF -- State Token Not Validated on Return
Published 2026-05-12 by GitHub_M
GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint
Published 2026-05-12 by GitHub_M
Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
Published 2026-05-12 by GitHub_M
ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)
Published 2026-05-12 by GitHub_M
ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
Published 2026-05-12 by GitHub_M
Fuji Electric Tellus Exposed Dangerous Method or Function
Published 2026-05-12 by icscert
ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
Published 2026-05-12 by GitHub_M
Published 2026-05-12 by apple
Published 2026-05-12 by apple
Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
Published 2026-05-12 by Wordfence
Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection
Published 2026-05-12 by Wordfence
MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset
Published 2026-05-12 by Wordfence
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
Published 2026-05-12 by GitHub_M
PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
Published 2026-05-12 by GitHub_M
PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Published 2026-05-12 by GitHub_M
arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE
Published 2026-05-12 by GitHub_M
arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack
Published 2026-05-12 by GitHub_M
Mako: Path traversal via backslash URI on Windows in TemplateLookup
Published 2026-05-12 by GitHub_M
Granian: DoS via WSGI response header panic
Published 2026-05-12 by GitHub_M
Granian: Unauthenticated DoS via WebSocket subprotocol header panic
Published 2026-05-12 by GitHub_M
Grav: Low-privileged API users can create super-admin accounts via blueprint-upload
Published 2026-05-12 by GitHub_M
ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
Published 2026-05-12 by GitHub_M
Hugo: Node tool execution allows file system access outside the project directory
Published 2026-05-12 by GitHub_M
Linux ksmbd Remote Memory Corruption via ACL Inheritance
Published 2026-05-12 by VulnCheck
Snappier: Infinite loop in SnappyStream decompression on malformed framed input
Published 2026-05-12 by GitHub_M
Statamic: Email enumeration via forgot password endpoint
Published 2026-05-12 by GitHub_M
Lemur: LDAP TLS certificate verification globally disabled enables credential interception
Published 2026-05-12 by GitHub_M
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Published 2026-05-12 by GitHub_M
mosparo: Rule package source URL stored SSRF enables internal HTTP probing
Published 2026-05-12 by GitHub_M
Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header
Published 2026-05-12 by GitHub_M
Heym < 0.0.21 Sandbox Escape via Python Introspection
Published 2026-05-12 by VulnCheck
Micronaut Framework: Unbounded bundleCache in ResourceBundleMessageSource Allows Memory Exhaustion via Accept-Language Header
Published 2026-05-12 by GitHub_M
Heym < 0.0.21 Authorization Bypass in Workflow Execution
Published 2026-05-12 by VulnCheck
efw4.X: readonly Flag Not Enforced Server-Side
Published 2026-05-12 by GitHub_M
Heym < 0.0.21 Path Traversal File Upload via upload_file()
Published 2026-05-12 by VulnCheck
efw4.X: Stored XSS via previewServlet
Published 2026-05-12 by GitHub_M
efw4.X: RCE via zipslip
Published 2026-05-12 by GitHub_M
Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems
Published 2026-05-12 by hpe
efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution
Published 2026-05-12 by GitHub_M
Subnet Solutions PowerSYSTEM Center Incorrect Authorization
Published 2026-05-12 by icscert
Subnet Solutions PowerSYSTEM Center Incorrect Authorization
Published 2026-05-12 by icscert
django-s3file: Relative path traversal
Published 2026-05-12 by GitHub_M
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
Published 2026-05-12 by GitHub_M
Deskflow: TLS multiplexer DoS on failed `SSL_accept`
Published 2026-05-12 by GitHub_M
Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services
Published 2026-05-12 by GitHub_M
Subnet Solutions PowerSYSTEM Center Incorrect Authorization
Published 2026-05-12 by icscert
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Published 2026-05-12 by GitHub_M
Wing FTP Server 8.1.2 Authenticated Remote Code Execution via Session Serialization
Published 2026-05-12 by VulnCheck
nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`
Published 2026-05-12 by GitHub_M
basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
Published 2026-05-12 by GitHub_M
Wiki.js: Privilege Escalation via Missing Group Validation in users.update
Published 2026-05-12 by GitHub_M
dssrf: every IPv6 category bypasses is_url_safe
Published 2026-05-12 by GitHub_M
Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Published 2026-05-12 by icscert
Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Published 2026-05-12 by icscert
Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Published 2026-05-12 by GitHub_M
Out-of-bounds write in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Published 2026-05-12 by icscert
Subnet Solutions PowerSYSTEM Center CRLF injection
Published 2026-05-12 by icscert
Craft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
Published 2026-05-12 by GitHub_M
Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure
Published 2026-05-12 by GitHub_M
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
Published 2026-05-12 by adobe
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe
CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
Published 2026-05-12 by adobe
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe
Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
Published 2026-05-12 by GitHub_M
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
Published 2026-05-12 by GitHub_M
vLLM: Remote DoS via Special-Token Placeholders
Published 2026-05-12 by GitHub_M
ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases
Published 2026-05-12 by GitHub_M
sse-channel: SSE Injection via unsanitized event fields
Published 2026-05-12 by GitHub_M
Adobe Commerce | Improper Authorization (CWE-285)
Published 2026-05-12 by adobe
Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Published 2026-05-12 by adobe
Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe
Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Published 2026-05-12 by adobe
Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Published 2026-05-12 by adobe
Adobe Commerce | Improper Input Validation (CWE-20)
Published 2026-05-12 by adobe
Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Published 2026-05-12 by adobe
Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)
Published 2026-05-12 by adobe
Adobe Commerce | Incorrect Authorization (CWE-863)
Published 2026-05-12 by adobe
Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)
Published 2026-05-12 by adobe