7.3
CVE-2026-6553 - TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
7.2
CVE-2026-39467 - WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.
5.1
CVE-2026-3317 - Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker tβ¦
8.2
CVE-2025-13826 - Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfulβ¦
6.1
CVE-2026-6711 - Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthenβ¦
4.4
CVE-2026-6712 - Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions β¦
4.3
CVE-2026-6703 - Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modifiβ¦
The Responsive Blocks β Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticatedβ¦
7.8
CVE-2026-31368 - Privilege Bypass in AiAssistant
AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.
6.3
CVE-2026-31370 - Information Leak Vulnerability in Honor E
Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
3.2
CVE-2026-31369 - Privilege Bypass in PcManager
PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability