5.3
CVE-2026-6222 - Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Informa…
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_Page` (admin/abstracts/class-admin-module-edit-page.php) dispatching sensitive module-management act…
5.1
CVE-2026-40003 - USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 SoC BootROM
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, byp…
3.7
CVE-2026-44597 - Out-of-bounds Read in Tor Relay Cell Handling for END, TRUNCATE Cells Without Reason
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
0.0
CVE-2026-36458 - ChestnutCMS v1.5.10 SQL Injection via cms_content tag
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
0.0
CVE-2025-63705 - OS Command Injection in node-ts-ocr 1.0.15
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
0.0
CVE-2026-30496 - Unauthenticated Remote Control via HTTP API on Optoma CinemaX P2 Projector
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute, bright…
7.5
CVE-2025-65122 -
Regex Denial of Service in youtube-regex npm package through version 1.0.5.
0.0
CVE-2025-63703 - Prototype Pollution Vulnerability in parse-ini v1.0.6
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().
6.5
CVE-2026-36387 -
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files, which leads to RCE.
7.8
CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packe…