4.3

CVSS3.1

CVE-2026-2687 - Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

📅 Published: March 12, 2026, 6 a.m. 🔄 Last Modified: March 12, 2026, 2:16 p.m.

4.3

CVSS3.1

CVE-2025-15473 - Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.

📅 Published: March 12, 2026, 6 a.m. 🔄 Last Modified: March 12, 2026, 2:16 p.m.

5.3

CVSS4.0

CVE-2026-3992 - CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made avai…

📅 Published: March 12, 2026, 5:32 a.m. 🔄 Last Modified: March 12, 2026, 5:32 a.m.

5.3

CVSS4.0

CVE-2026-3990 - CesiumGS CesiumJS standalone.html cross site scripting

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been rel…

📅 Published: March 12, 2026, 5:32 a.m. 🔄 Last Modified: March 12, 2026, 5:32 a.m.

5.1

CVSS4.0

CVE-2026-3984 - Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site …

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. T…

📅 Published: March 12, 2026, 5:02 a.m. 🔄 Last Modified: March 12, 2026, 5:02 a.m.

5.1

CVSS4.0

CVE-2026-3983 - Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scrip…

A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit h…

📅 Published: March 12, 2026, 5:02 a.m. 🔄 Last Modified: March 12, 2026, 5:02 a.m.

5.3

CVSS4.0

CVE-2026-3982 - itsourcecode University Management System view_result.php cross site scripting

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit ha…

📅 Published: March 12, 2026, 4:32 a.m. 🔄 Last Modified: March 12, 2026, 4:32 a.m.

6.9

CVSS4.0

CVE-2026-3981 - itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi…

📅 Published: March 12, 2026, 4:32 a.m. 🔄 Last Modified: March 12, 2026, 4:32 a.m.

6.9

CVSS4.0

CVE-2026-3980 - itsourcecode Online Doctor Appointment System patient_action.php sql injection

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th…

📅 Published: March 12, 2026, 4:02 a.m. 🔄 Last Modified: March 12, 2026, 4:02 a.m.

4.8

CVSS4.0

CVE-2026-3979 - quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244…

📅 Published: March 12, 2026, 3:32 a.m. 🔄 Last Modified: March 12, 2026, 3:32 a.m.