7.8
CVE-2026-34001 - Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential meβ¦
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentiallyβ¦
7.8
CVE-2026-33999 - Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map haβ¦
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of serviceβ¦
8.7
CVE-2026-35225 - Improper timeout handling in CODESYS EtherNetIP
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
6.3
CVE-2026-41461 - SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers caβ¦
9.3
CVE-2026-41460 - SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerabβ¦
4.7
CVE-2025-66286 - Webkitgtk: authorization bypass through webpage::send-request signal handler
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests β¦
9.9
CVE-2026-39440 - WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.
5.7
CVE-2025-13763 - Libopensc: opensc: multiple uses of uninitialized variable
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
6.5
CVE-2025-62110 - WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.
4.3
CVE-2025-62104 - WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.