4.4
CVE-2026-1053 - Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse'β¦
The Ivory Search β WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrβ¦
7.5
CVE-2026-0702 - VidShop β Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via β¦
The VidShop β Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL queβ¦
4.4
CVE-2026-1381 - Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Storedβ¦
The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shoβ¦
4.3
CVE-2026-0818 - CSS-based exfiltration of the content from partially encrypted emails when allowing remote content
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If tβ¦
9.8
CVE-2025-40554 - SolarWinds Web Help Desk Authentication Bypass Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
9.8
CVE-2025-40553 - SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
9.8
CVE-2025-40552 - SolarWinds Web Help Desk Authentication Bypass Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
9.8
CVE-2025-40551 - SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
7.5
CVE-2025-40537 - SolarWinds Web Help Desk Hardcoded Credentials Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
8.1
CVE-2025-40536 - SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.