| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33436 | Stirling-PDF: Reflected XSS through crafted filename in file upload functionality | Stirling-Tools | Stirling-PDF | Low | 3.1 | 2026-04-17 20:29:43 | Deep Dive |
| CVE-2026-5711 | Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute | pubudu-malalasekara | Post Blocks & Tools | Medium | 6.4 | 2026-04-08 21:25:27 | Deep Dive |
| CVE-2018-25256 | IP TOOLS 2.50 Local Buffer Overflow Denial of Service | Ks-Soft | IP TOOLS | Medium | 5.5 | 2026-04-05 20:45:11 | Deep Dive |
| CVE-2026-4267 | Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI | johnbillion | Query Monitor | High | 7.2 | 2026-03-31 11:29:49 | Deep Dive |
| CVE-2026-34071 | Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export | Stirling-Tools | Stirling-PDF | Medium | 5.4 | 2026-03-26 17:00:09 | Deep Dive |
| CVE-2026-33438 | Stirling-PDF vulnerable to DoS via add-watermark | Stirling-Tools | Stirling-PDF | Medium | 6.5 | 2026-03-26 16:58:07 | Deep Dive |
| CVE-2026-22500 | WordPress m2 \| Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability | axiomthemes | m2 \| Construction and Tools Store | Critical | 9.8 | 2026-03-25 16:14:24 | Deep Dive |
| CVE-2026-4283 | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users | legalweb | WP DSGVO Tools (GDPR) | Critical | 9.1 | 2026-03-24 04:27:50 | Deep Dive |
| CVE-2026-27625 | Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction | Stirling-Tools | Stirling-PDF | High | 8.1 | 2026-03-20 08:44:25 | Deep Dive |
| CVE-2026-2879 | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 5.4 | 2026-03-13 08:25:17 | Deep Dive |
| CVE-2026-2257 | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 6.4 | 2026-03-13 08:25:16 | Deep Dive |
| CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability | Microsoft | Azure MCP Server Tools 1.0.0 (npm) | High | 8.8 | 2026-03-10 17:05:21 | Deep Dive |
| CVE-2025-2399 | Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series | Mitsubishi Electric Corporation | Mitsubishi Electric CNC M800V Series M800VW | Medium | 5.9 | 2026-03-10 04:40:01 | Deep Dive |
| CVE-2026-24313 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | SAP_SE | SAP Solution Tools Plug-In (ST-PI) | Medium | 5.0 | 2026-03-10 00:17:40 | Deep Dive |
| CVE-2026-27809 | psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps | psd-tools | psd-tools | - | - | 2026-02-25 23:57:01 | Deep Dive |
| CVE-2026-1912 | Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute | ulaulaman | Citations tools | Medium | 6.4 | 2026-02-14 04:35:43 | Deep Dive |
| CVE-2025-13681 | BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter | thebaldfatguy | BFG Tools – Extension Zipper | Medium | 4.9 | 2026-02-14 03:25:27 | Deep Dive |
| CVE-2026-24044 | ESS Community Helm Chart has a weak server key generation method | element-hq | ess-helm | - | - | 2026-02-12 19:06:13 | Deep Dive |
| CVE-2025-15577 | Valmet DNA Web server arbitrary file read access | Valmet | Valmet DNA Web Tools | - | - | 2026-02-12 06:04:57 | Deep Dive |
| CVE-2026-24322 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) | SAP_SE | SAP Solution Tools Plug-In (ST-PI) | High | 7.7 | 2026-02-10 03:04:02 | Deep Dive |