CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-24139 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete applica... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24140 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient in... | 2.7 | LOW | β | 0 |
| CVE-2026-24474 Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `i... | N/A | NONE | β | 0 |
| CVE-2026-22582 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22583 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulati... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22585 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Web... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22586 Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24399 ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <ifr... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-24402 Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](h... | N/A | NONE | β | 0 |
| CVE-2026-24403 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidat... | 7.1 | HIGH | β | 0 |
| CVE-2026-24404 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereferenc... | 7.1 | HIGH | β | 0 |
| CVE-2026-24405 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalcu... | 8.8 | HIGH | β | 0 |
| CVE-2026-24406 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamed... | 8.8 | HIGH | β | 0 |
| CVE-2026-24407 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs whe... | 7.1 | HIGH | β | 0 |
| CVE-2026-24401 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sendi... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24409 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIc... | 7.1 | HIGH | β | 0 |
| CVE-2026-24410 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIc... | 7.1 | HIGH | β | 0 |
| CVE-2025-14973 The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-24411 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXm... | 7.1 | HIGH | β | 0 |
| CVE-2026-24412 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXm... | 8.8 | HIGH | β | 0 |
| CVE-2026-24421 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissio... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13952 A web page that contains unusual GPU shader code, when loaded from the Internet into the GPU compiler process, triggers a write use-after-free crash in the GPU shader compiler library. On certain platform... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24420 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive permissio... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24422 phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQu... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1284 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac... | 7.8 | HIGH | β | 0 |
| CVE-2026-24469 C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. ... | 7.5 | HIGH | β | 0 |
| CVE-2026-24642 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24643 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24644 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24645 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24646 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24647 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24648 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24649 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-13374 The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up to, and including, 2.3.3. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13676 The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output esc... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0633 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due ... | 3.7 | LOW | β | 0 |
| CVE-2025-14629 The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14797 The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to th... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-14843 The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authenticatio... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14903 The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs_backend functi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14906 The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGalle... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14985 The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alpha_block_css' parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitizatio... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0806 The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-0807 The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the ... | 7.2 | HIGH | β | 0 |
| CVE-2026-1070 The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex_user_counter_funct... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1075 The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_settings... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1076 The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1081 The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category up... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0687 The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb_gallery' custom post type in all versions up to, and inclu... | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.