Recent
Published 2026-05-13 by jpcert
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Published 2026-05-13 by HITVAN
Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
Published 2026-05-13 by Google
Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
Published 2026-05-13 by Wordfence
ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure
Published 2026-05-13 by Wordfence
JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter
Published 2026-05-13 by Wordfence
Published 2026-05-13 by jpcert
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Published 2026-05-13 by SamsungMobile
Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Published 2026-05-13 by Wordfence
Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter
Published 2026-05-13 by Wordfence
Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute
Published 2026-05-13 by Wordfence
Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure
Published 2026-05-13 by Wordfence
Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published 2026-05-13 by Wordfence
Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter
Published 2026-05-13 by Wordfence
coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field
Published 2026-05-13 by Wordfence
Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation
Published 2026-05-13 by Wordfence
Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
Published 2026-05-13 by Wordfence
SQL Injection Vulnerability
Published 2026-05-13 by CSA
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Published 2026-05-13 by AMD
Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators
Published 2026-05-13 by mongodb
Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands
Published 2026-05-13 by mongodb
Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
Published 2026-05-13 by mongodb
Schema validation log messages may not redact user data
Published 2026-05-13 by mongodb
Post-auth memory exhaustion via bitwise match expressions
Published 2026-05-13 by mongodb
FlatBSON Duplicate Field Index Drift
Published 2026-05-12 by mongodb
Flowsint: Broken Access Control allows modification of investigation metadata from any user
Published 2026-05-12 by GitHub_M
Flowsint: Cypher query injection in node type on node creation
Published 2026-05-12 by GitHub_M
Flowsint: Stored XSS on map node marker in map page
Published 2026-05-12 by GitHub_M
Flowsint: Broken Access Control allows reading of sketch logs from any user
Published 2026-05-12 by GitHub_M
Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component
Published 2026-05-12 by GitHub_M
Warpgate: SSO CSRF -- State Token Not Validated on Return
Published 2026-05-12 by GitHub_M
GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint
Published 2026-05-12 by GitHub_M
Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
Published 2026-05-12 by GitHub_M
ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)
Published 2026-05-12 by GitHub_M
ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
Published 2026-05-12 by GitHub_M
Fuji Electric Tellus Exposed Dangerous Method or Function
Published 2026-05-12 by icscert
ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
Published 2026-05-12 by GitHub_M
Published 2026-05-12 by apple
Published 2026-05-12 by apple
Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
Published 2026-05-12 by Wordfence
Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection
Published 2026-05-12 by Wordfence
MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset
Published 2026-05-12 by Wordfence
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
Published 2026-05-12 by GitHub_M
PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
Published 2026-05-12 by GitHub_M
PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Published 2026-05-12 by GitHub_M
arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE
Published 2026-05-12 by GitHub_M
arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack
Published 2026-05-12 by GitHub_M
Mako: Path traversal via backslash URI on Windows in TemplateLookup
Published 2026-05-12 by GitHub_M