7.5

CVSS3.1

CVE-2026-1947 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated…

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation on a user controlled key. This makes it possible for unauthenticated at…

πŸ“… Published: March 15, 2026, 1:19 a.m. πŸ”„ Last Modified: March 15, 2026, 1:19 a.m.

4.3

CVSS3.1

CVE-2026-1883 - Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrar…

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possib…

πŸ“… Published: March 15, 2026, 1:19 a.m. πŸ”„ Last Modified: March 15, 2026, 1:19 a.m.

9.3

CVSS4.0

CVE-2026-4163 - Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit i…

πŸ“… Published: March 14, 2026, 10:32 p.m. πŸ”„ Last Modified: March 14, 2026, 10:32 p.m.

6.1

CVSS3.1

CVE-2026-4179 - stm32: usb: Infinite while loop in Interrupt Handler

Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.

πŸ“… Published: March 14, 2026, 9:51 p.m. πŸ”„ Last Modified: March 14, 2026, 9:51 p.m.

5.1

CVSS4.0

CVE-2026-32774 - Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

πŸ“… Published: March 14, 2026, 9:44 p.m. πŸ”„ Last Modified: March 14, 2026, 9:44 p.m.

3.8

CVSS3.1

CVE-2026-0849 - crypto: ATAES132A response length allows stack buffer overflow

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

πŸ“… Published: March 14, 2026, 9:05 p.m. πŸ”„ Last Modified: March 14, 2026, 9:05 p.m.

5.3

CVSS3.1

CVE-2026-1870 - Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. Th…

πŸ“… Published: March 14, 2026, 1:24 p.m. πŸ”„ Last Modified: March 14, 2026, 1:24 p.m.

0.0

CVE-2025-54920 - Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jac…

πŸ“… Published: March 14, 2026, 9:01 a.m. πŸ”„ Last Modified: March 14, 2026, 9:01 a.m.

4.3

CVSS3.1

CVE-2026-1948 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (…

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Su…

πŸ“… Published: March 14, 2026, 3:24 a.m. πŸ”„ Last Modified: March 14, 2026, 3:24 a.m.

5

CVSS3.1

CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

πŸ“… Published: March 13, 2026, 9:55 p.m. πŸ”„ Last Modified: March 13, 2026, 9:55 p.m.
Total resulsts: 338000
Page 2 of 33,800
Β« previous page Β» next page
Filters