| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-41481 | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | langchain-ai | langchain-text-splitters | Medium | 6.5 | 2026-04-24 20:54:28 |
| CVE-2026-5748 | Text Snippets <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w' Shortcode Attribute | snedled | Text Snippets | Medium | 6.4 | 2026-04-22 07:45:40 |
| CVE-2026-4089 | Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | johnnie2u | Twittee Text Tweet | Medium | 6.4 | 2026-04-22 07:45:35 |
| CVE-2026-35487 | text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:50:25 |
| CVE-2026-35486 | text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation | oobabooga | text-generation-webui | High | 7.5 | 2026-04-07 14:49:38 |
| CVE-2026-35485 | text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication | oobabooga | text-generation-webui | High | 7.5 | 2026-04-07 14:47:38 |
| CVE-2026-35484 | text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:46:42 |
| CVE-2026-35483 | text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication | oobabooga | text-generation-webui | Medium | 5.3 | 2026-04-07 14:45:07 |
| CVE-2026-35050 | text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml". | oobabooga | text-generation-webui | Critical | 9.1 | 2026-04-06 17:30:21 |
| CVE-2026-1233 | Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access | mvirik | Text to Speech – TTSWP | High | 7.5 | 2026-04-04 11:16:16 |
| CVE-2026-3997 | Text Toggle <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | hoosierdragon | Text Toggle | Medium | 6.4 | 2026-03-21 03:27:09 |
| CVE-2026-3350 | Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title | wpsaad | Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI | Medium | 6.4 | 2026-03-20 23:25:14 |
| CVE-2026-4120 | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | bplugins | Info Cards – Add Text and Media in Card Layouts | Medium | 6.4 | 2026-03-19 06:46:14 |
| CVE-2026-1820 | Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute | brainvireinfo | Media Library Alt Text Editor | Medium | 6.4 | 2026-03-07 07:22:06 |
| CVE-2026-25348 | WordPress Download Alt Text AI plugin <= 1.10.15 - Broken Access Control vulnerability | alttextai | Download Alt Text AI | - | - | 2026-02-19 08:26:59 |
| CVE-2026-0599 | Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference | huggingface | huggingface/text-generation-inference | - | - | 2026-02-02 10:36:25 |
| CVE-2026-24579 | WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability | WP Messiah | Ai Image Alt Text Generator for WP | Medium | 4.3 | 2026-01-23 14:28:59 |
| CVE-2025-13854 | Curved Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | soniz | Curved Text | Medium | 6.4 | 2026-01-09 11:15:33 |
| CVE-2025-15019 | BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | pagup | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | Medium | 6.4 | 2026-01-09 06:34:52 |
| CVE-2025-68868 | WordPress Wp Text Slider Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | codeaffairs | Wp Text Slider Widget | Medium | 6.5 | 2025-12-29 16:12:33 |