4.3

CVSS3.1

CVE-2026-1948 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (…

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Su…

📅 Published: March 14, 2026, 3:24 a.m. 🔄 Last Modified: March 14, 2026, 3:24 a.m.

5

CVSS3.1

CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

📅 Published: March 13, 2026, 9:55 p.m. 🔄 Last Modified: March 13, 2026, 9:55 p.m.

0

CVSS4.0

CVE-2026-32732 - XSS in @leanprover/unicode-input-component

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as une…

📅 Published: March 13, 2026, 9:43 p.m. 🔄 Last Modified: March 13, 2026, 9:43 p.m.

8.1

CVSS3.1

CVE-2026-32729 - Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/veri…

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or data breach) c…

📅 Published: March 13, 2026, 9:41 p.m. 🔄 Last Modified: March 13, 2026, 9:41 p.m.

5.3

CVSS3.1

CVE-2026-32724 - PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condit…

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender th…

📅 Published: March 13, 2026, 9:39 p.m. 🔄 Last Modified: March 13, 2026, 9:39 p.m.
Load More Vulnerability
avatar

Mehmet Ince

@mdisec

CVE stats coming here

avatar

Nuri Çilengir

@ncilengir

CVE stats coming here

avatar

@aydinnyunus

CVE stats coming here

avatar

Onurcan Genç

@onurcangnc

CVE stats coming here

avatar

Seyit Sigirci

@h3xecute

CVE stats coming here

avatar

Ali İltizar

@iltosec

CVE stats coming here

avatar

@b3rsec

CVE stats coming here

avatar

@furkank

CVE stats coming here

avatar

kutaysec

@kutaysec

CVE stats coming here