9.3

CVSS4.0

CVE-2026-31845 -

A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper s…

📅 Published: April 11, 2026, 6:26 p.m. 🔄 Last Modified: April 11, 2026, 6:35 p.m.

6.2

CVSS4.0

CVE-2026-32146 - Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement t…

📅 Published: April 11, 2026, 12:59 p.m. 🔄 Last Modified: April 11, 2026, 12:59 p.m.

0.0

CVE-2026-23900 - Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

Various stored XSS vulnerabilities have been discovered in the maps- and icon-rendering logic of the Phoca Maps component 5.0.0-6.0.2.

📅 Published: April 11, 2026, 12:52 p.m. 🔄 Last Modified: April 11, 2026, 12:52 p.m.

7.1

CVSS3.1

CVE-2026-5809 - wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl…

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action handlers accept arbitrary user-supplied data[*] arrays from $_REQUEST and store them as postmeta withou…

📅 Published: April 11, 2026, 7:40 a.m. 🔄 Last Modified: April 11, 2026, 7:40 a.m.

9.6

CVSS3.1

CVE-2026-34621 - Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Poll…

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…

📅 Published: April 11, 2026, 6:45 a.m. 🔄 Last Modified: April 11, 2026, 6:45 a.m.