Vulnerability List - Page 21

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:24 |
| CVE-2026-40466 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-24 10:15:44 |
| CVE-2026-6272 | kuksa.val.v2: signal data can be forged with any read JWT | Eclipse Foundation | Eclipse KUKSA - Databroker | - | - | 2026-04-24 08:28:18 |
| CVE-2026-21728 | Tempo query limit results in unbounded memory allocation | Grafana | Tempo | High | 7.5 | 2026-04-24 08:00:47 |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint | liaison | Liaison Site Prober | Medium | 5.3 | 2026-04-24 07:45:09 |
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | taqnix | Taqnix | Medium | 4.3 | 2026-04-24 07:45:08 |
| CVE-2026-4078 | ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | iteras | ITERAS | Medium | 6.4 | 2026-04-24 07:45:08 |
| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 4.3 | 2026-04-24 07:45:07 |
| CVE-2026-1951 | No checking of the length of the buffer with the directory name in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 06:13:36 |
| CVE-2026-1952 | Denial of service via the undocumented subfunction in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 06:08:59 |
| CVE-2026-1950 | No checking of the length of the buffer with the file name in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 05:56:52 |
| CVE-2026-1949 | Incorrect calculation of buffer size on the stack in AS320T | DeltaWW | AS320T | Critical | 9.8 | 2026-04-24 05:50:48 |
| CVE-2026-5428 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-24 05:29:39 |
| CVE-2026-6810 | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2026-04-24 05:29:38 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | mhmrajib | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | Medium | 5.3 | 2026-04-24 05:29:38 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | addonsorg | Drag and Drop File Upload for Contact Form 7 | High | 8.1 | 2026-04-24 05:29:37 |
| CVE-2026-6947 | D-Link\|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass | D-Link | DWM-222W | High | 7.5 | 2026-04-24 03:46:15 |
| CVE-2026-41324 | basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() | patrickjuchli | basic-ftp | High | 7.5 | 2026-04-24 03:28:49 |
| CVE-2026-41485 | Kyverno Controller Denial of Service via forEach Mutation Panic | kyverno | kyverno | High | 7.7 | 2026-04-24 03:27:09 |
| CVE-2026-2028 | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | ckp267 | MaxiBlocks Builder \| 17,000+ Design Assets, Patterns, Icons & Starter Sites | Medium | 5.3 | 2026-04-24 03:27:07 |