7.5
CVE-2026-1947 - NEX-Forms β Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticatedβ¦
The NEX-Forms β Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation on a user controlled key. This makes it possible for unauthenticated atβ¦
4.3
CVE-2026-1883 - Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrarβ¦
The Wicked Folders β Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possibβ¦
9.3
CVE-2026-4163 - Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit iβ¦
6.1
CVE-2026-4179 - stm32: usb: Infinite while loop in Interrupt Handler
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
5.1
CVE-2026-32774 - Vulnogram - Stored Cross-Site Scripting via Comment Hypertext
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.
3.8
CVE-2026-0849 - crypto: ATAES132A response length allows stack buffer overflow
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
5.3
CVE-2026-1870 - Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
The Thim Kit for Elementor β Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. Thβ¦
0.0
CVE-2025-54920 - Apache Spark: Spark History Server Code Execution Vulnerability
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jacβ¦
4.3
CVE-2026-1948 - NEX-Forms β Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (β¦
The NEX-Forms β Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Suβ¦
5
CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability