9.8
CVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
9.8
CVE-2026-1950 - No checking of the length of the buffer with the file name in AS320T
Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.
9.8
CVE-2026-1949 - Incorrect calculation of buffer size on the stack in AS320T
Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
6.4
CVE-2026-5428 - Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Im…
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the render_post_thumbnail() function, where wp_kses_post(…
5.3
CVE-2026-6810 - Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Refere…
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated at…
5.3
CVE-2026-5347 - WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink…
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php. T…
8.1
CVE-2026-5364 - Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via s…
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attac…
8.7
CVE-2026-6947 - D-Link|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
7.5
CVE-2026-41324 - basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client…
7.7
CVE-2026-41485 - Kyverno Controller Denial of Service via forEach Mutation Panic
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user with permission to create a `Policy` or `ClusterPolicy` to crash the cluster-wide background controller…