4.3
CVE-2026-22279 -
Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
0.0
CVE-2026-24402 -
GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment): > 4.2.6 CNAs SHOULD assβ¦
8.5
CVE-2026-1260 - Invalid Memory Access in Sentencepiece,
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.
7.1
CVE-2026-0535 - Stored XSS in Electronic Library Component Description
A maliciously crafted HTML payload, stored in a componentβs description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code inβ¦
7.1
CVE-2026-0534 - Stored XSS in the value of a part attribute
A maliciously crafted HTML payload, stored in a partβs attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the coβ¦
7.1
CVE-2026-0533 - Stored XSS in Fusion desktop when attempting to delete a file
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local β¦
4.3
CVE-2026-22359 - WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through <= 1.0.
8.7
CVE-2023-7335 - EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, inclβ¦
7.5
CVE-2026-24390 - WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
6.5
CVE-2026-24389 - WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.