5.3
CVE-2026-4751 - NULL Pointer Dereference in tmate-io tmate
NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
9.1
CVE-2026-4750 - Out-of-bounds Read in fabiangreffrath woof
Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.
6.5
CVE-2026-4749 - NVD-CWE-noinfo in albfan miraclecast
NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.
7.5
CVE-2026-4662 - JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled input to bypass secu…
9.1
CVE-2026-4283 - WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of N…
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the intended email-confirm…
6.5
CVE-2026-3138 - Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Da…
The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via `wp_ajax_nopriv_`…
8.7
CVE-2026-4640 - Galaxy Software Services|Vitals ESP - Missing Authentication
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
8.7
CVE-2026-4639 - Galaxy Software Services|Vitals ESP - Incorrect Authorization
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.
6.9
CVE-2026-4632 - itsourcecode Online Enrollment System Parameter index.php sql injection
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed from…
5.9
CVE-2026-3260 - Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to…