CVE Vulnerabilities

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenti...

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanit...

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanit...

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentic...

In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privi...

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site...

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against th...

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelis...

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide...

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason: This candidate is a duplicate of CVE-2026-39319. Notes: All CVE users should reference CVE-2026-3931...

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-3932...

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' f...

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary s...

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert an...

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Downl...

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-c...

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account pass...

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configura...

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the...

CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a comprom...

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been p...

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 an...

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been pat...

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injecti...

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to...

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command i...

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on t...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misalig...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed ...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA l...

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing att...

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary...

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s group-creation feature allows any user with group-cr...

MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addit...

ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authenticated user to inject arbitrary JavaScript i...

ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateEnd) into HTML input field attributes without prope...

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing...

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra ar...

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 tem...

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B...

Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if st...

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing t...

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This...

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead t...