6.3
CVE-2024-52334 -
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access.
8.8
CVE-2026-24343 - Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
9.8
CVE-2026-23906 - Apache Druid: Authentication Bypass via LDAP Anonymous Bind
Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured * Underlying LDAP server permits anonymous bindย ย ย ย ย ย ย ย ย ย ย ย ย ย โฆ
5.4
CVE-2025-14895 - PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion
The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with Subscโฆ
6.4
CVE-2026-1922 - The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scrโฆ
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attribโฆ
7.2
CVE-2026-1866 - Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encodโฆ
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling `html_entity_decode()` before `wp_kses()`, and then calling `html_entity_decodโฆ
7.5
CVE-2026-2268 - Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater fields, which allows the resolution of `{post_meta:Kโฆ
1
CVE-2026-23901 - Apache Shiro: Brute force attack possible to determine valid user names
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, โฆ
3.3
CVE-2026-2271 - gimp: GIMP: Denial of service via crafted PSP image file
No description is available for this CVE.
4.3
CVE-2026-2272 - gimp: GIMP: Memory corruption due to integer overflow in ICO file handling
No description is available for this CVE.