7.6
CVE-2026-41038 - Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading tโฆ
8.7
CVE-2026-41036 - Command Injection Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vโฆ
8.7
CVE-2026-41037 - Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentโฆ
7.3
CVE-2026-6553 - TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
7.2
CVE-2026-39467 - WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.
5.1
CVE-2026-3317 - Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker tโฆ
8.2
CVE-2025-13826 - Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfulโฆ
6.1
CVE-2026-6711 - Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthenโฆ
4.4
CVE-2026-6712 - Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions โฆ
4.3
CVE-2026-6703 - Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modifiโฆ
The Responsive Blocks โ Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticatedโฆ