9.3
CVE-2026-4163 - Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit iβ¦
6.1
CVE-2026-4179 - stm32: usb: Infinite while loop in Interrupt Handler
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
5.3
CVE-2026-32774 - Vulnogram - Stored Cross-Site Scripting via Comment Hypertext
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.
3.8
CVE-2026-0849 - crypto: ATAES132A response length allows stack buffer overflow
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
0.0
CVE-2026-4178 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2026-1870 - Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
The Thim Kit for Elementor β Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. Thβ¦
8.8
CVE-2025-54920 - Apache Spark: Spark History Server Code Execution Vulnerability
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jacβ¦
4.3
CVE-2026-1948 - NEX-Forms β Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (β¦
The NEX-Forms β Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Suβ¦
5
CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
0
CVE-2026-32732 - XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as uneβ¦