| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39541 | WordPress Hydra Booking plugin <= 1.1.38 - Cross Site Scripting (XSS) vulnerability | Themefic | Hydra Booking | - | - | 2026-04-08 08:30:17 | Deep Dive |
| CVE-2026-33504 | Ory Hydra has a SQL injection via forged pagination tokens | ory | hydra | High | 7.2 | 2026-03-26 17:38:11 | Deep Dive |
| CVE-2025-68027 | WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability | Themefic | Hydra Booking | - | - | 2026-01-22 16:52:05 | Deep Dive |
| CVE-2025-68055 | WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-12-16 08:13:00 | Deep Dive |
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:45 | Deep Dive |
| CVE-2025-12055 | Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System | MPDV Mikrolab GmbH | MIP 2 | - | - | 2025-10-27 06:36:37 | Deep Dive |
| CVE-2025-49378 | WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-10-22 14:32:09 | Deep Dive |
| CVE-2025-49377 | WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability | Themefic | Hydra Booking | Medium | 6.3 | 2025-10-22 14:32:09 | Deep Dive |
| CVE-2025-54864 | Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins | NixOS | hydra | - | - | 2025-08-12 15:48:54 | Deep Dive |
| CVE-2025-54800 | Hydra persistent XSS in build metrics | NixOS | hydra | - | - | 2025-08-12 15:47:11 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-48886 | hydra-node dangerously assumes L1 event finality and does not consider failed transactions | cardano-scaling | hydra | Medium | 4.8 | 2025-06-19 14:24:58 | Deep Dive |
| CVE-2025-49323 | WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-06-06 12:53:55 | Deep Dive |
| CVE-2025-32435 | Hydra no restricted eval after nix-eval-jobs migration | NixOS | hydra | Low | 2.6 | 2025-04-15 22:19:47 | Deep Dive |
| CVE-2024-45049 | Nix Hydra Missing authentication when triggering evaluations | NixOS | hydra | High | 7.5 | 2024-08-27 20:33:01 | Deep Dive |
| CVE-2024-32657 | Hydra has persistent XSS vulnerability serving HTML build outputs | NixOS | hydra | Medium | 4.6 | 2024-04-22 22:24:07 | Deep Dive |
| CVE-2023-42449 | Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits | input-output-hk | hydra | High | 8.1 | 2023-10-04 19:06:50 | Deep Dive |
| CVE-2023-42448 | Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline | input-output-hk | hydra | High | 8.1 | 2023-10-04 18:57:53 | Deep Dive |
| CVE-2023-38701 | Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone | input-output-hk | hydra | Critical | 9.1 | 2023-10-04 18:48:53 | Deep Dive |