
Vulnerability List - Page 23

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-5428 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-24 05:29:39 |
| CVE-2026-6810 | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2026-04-24 05:29:38 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | mhmrajib | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | Medium | 5.3 | 2026-04-24 05:29:38 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | addonsorg | Drag and Drop File Upload for Contact Form 7 | High | 8.1 | 2026-04-24 05:29:37 |
| CVE-2026-6947 | D-Link \| DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass | D-Link | DWM-222W | High | 7.5 | 2026-04-24 03:46:15 |
| CVE-2026-41324 | basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() | patrickjuchli | basic-ftp | High | 7.5 | 2026-04-24 03:28:49 |
| CVE-2026-41485 | Kyverno Controller Denial of Service via forEach Mutation Panic | kyverno | kyverno | High | 7.7 | 2026-04-24 03:27:09 |
| CVE-2026-2028 | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | ckp267 | MaxiBlocks Builder \| 17,000+ Design Assets, Patterns, Icons & Starter Sites | Medium | 5.3 | 2026-04-24 03:27:07 |
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 4.3 | 2026-04-24 03:27:06 |
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | Medium | 5.3 | 2026-04-24 03:27:06 |
| CVE-2026-41323 | Kyverno: ServiceAccount token leaked to external servers via apiCall service URL | kyverno | kyverno | High | 8.1 | 2026-04-24 03:21:36 |
| CVE-2026-41068 | Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) | kyverno | kyverno | High | 7.7 | 2026-04-24 03:14:28 |
| CVE-2026-41319 | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade | jstedfast | MailKit | Medium | 6.5 | 2026-04-24 03:07:24 |
| CVE-2026-41318 | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | Mintplex-Labs | anything-llm | Medium | 5.4 | 2026-04-24 02:57:16 |
| CVE-2026-41430 | Press vulnerable to reflected XSS on login redirection | frappe | press | - | - | 2026-04-24 02:42:30 |
| CVE-2026-41317 | Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation | frappe | press | - | - | 2026-04-24 02:40:17 |
| CVE-2026-41316 | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class | ruby | erb | High | 8.1 | 2026-04-24 02:35:41 |
| CVE-2026-41309 | Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing | opensource-socialnetwork | opensource-socialnetwork | High | 8.2 | 2026-04-24 02:31:53 |
| CVE-2026-41305 | PostCSS has XSS via Unescaped </style> in its CSS Stringify Output | postcss | postcss | Medium | 6.1 | 2026-04-24 02:27:48 |
| CVE-2026-40254 | FreeRDP: contains_dotdot() off-by-one allows drive channel path traversal via terminal .. | FreeRDP | FreeRDP | Medium | 4.2 | 2026-04-24 02:24:51 |