- CVE-2026-32774 - Vulnogram - Stored Cross-Site Scripting via Comment Hypertext
- CVE-2026-0849 - crypto: ATAES132A response length allows stack buffer overflow
- CVE-2026-1870 - Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
- CVE-2025-54920 - Apache Spark: Spark History Server Code Execution Vulnerability
- CVE-2026-1948 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license
- CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
- CVE-2026-32732 - XSS in @leanprover/unicode-input-component
- CVE-2026-32729 - Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`
- CVE-2026-32724 - PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
- CVE-2026-3227 - Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
- CVE-2026-32720 - Improper Access Control in github.com/ctfer-io/monitoring
- CVE-2026-32719 - AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import
- CVE-2026-32717 - AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys
- CVE-2026-32715 - AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
- CVE-2026-32713 - PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors
- CVE-2026-32709 - PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)
- CVE-2026-32708 - Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot)
- CVE-2026-32707 - PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop
- CVE-2026-32706 - PX4 autopilot has a global buffer overflow in crsf_rc via oversized variable-length known packet
- CVE-2026-32705 - PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
- CVE-2026-32616 - Pigeon has a Host Header Injection in email verification flow
- CVE-2026-32704 - SiYuan renderSprig: missing admin check allows any user to read full workspace DB
- CVE-2026-26133 - M365 Copilot Information Disclosure Vulnerability
- CVE-2026-32702 - Cleanuparr has Username Enumeration via Timing Attack
- CVE-2026-32640 - (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
- CVE-2026-32772 - Telnet in GNU Inetutils Environmental Variable Disclosure Vulnerability
- CVE-2026-32635 - Angular has XSS in i18n attribute bindings
- CVE-2026-32630 - file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry
- CVE-2026-32628 - AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
- CVE-2026-32627 - cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
- CVE-2025-15060 - claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
- CVE-2026-0956 - Digilent DASYLab Out-of-Bounds Read Memory Corruption Vulnerability
- CVE-2026-4092 - Google Apps Script Path Traversal Remote Code Execution Vulnerability
- CVE-2026-26954 - SandboxJS Function Injection Vulnerability
- CVE-2026-0955 - Digilent DASYLab Out-of-Bounds Read Memory Corruption Vulnerability
- CVE-2026-0957 - Digilent DASYLab Out-of-Bounds Write Vulnerability
- CVE-2026-32745 - JetBrains Datalore Session Hijacking Vulnerability
- CVE-2025-66249 - Apache Livy Path Traversal Vulnerability
- CVE-2025-60012 - Apache Livy Spark Configuration File Access Vulnerability
- CVE-2026-0954 - Digilent DASYLab Out-of-Bounds Write Memory Corruption Vulnerability
- CVE-2025-13778 - ABB AWIN GW100 GW120 Authentication Bypass
- CVE-2026-2673 - OpenSSL TLS 1.3 Key Exchange Group Selection Vulnerability
- CVE-2026-32460 - Themefic Ultimate Addons for Contact Form 7 Cross-Site Scripting (XSS)
- CVE-2026-32461 - Really Simple SSL Missing Authorization Vulnerability
- CVE-2026-32486 - Wptravelengine Travel Booking Missing Authorization Vulnerability
- CVE-2026-32487 - Raratheme Lawyer Landing Page Missing Authorization Vulnerability
- CVE-2026-32451 - ThemeFusion Fusion Builder Missing Authorization Vulnerability
- CVE-2026-32458 - RealMag777 WOLF SQL Injection
- CVE-2026-32450 - RealMag777 Active Products Tables for WooCommerce Cross-site Scripting
- CVE-2026-32453 - Avada Core Missing Authorization Vulnerability
- CVE-2026-32456 - Admin Menu Editor CSRF Vulnerability
- CVE-2026-32452 - ThemeFusion Fusion Builder Missing Authorization Vulnerability
- CVE-2026-32448 - Podlove Podcast Publisher Cross-site Scripting Vulnerability
- CVE-2026-32442 - E2Pdf Missing Authorization Vulnerability
- CVE-2026-32457 - Wombat Plugins WooCommerce Advanced Product Fields Missing Authorization Vulnerability
- CVE-2026-32543 - CyberChimps Responsive Blocks Missing Authorization Vulnerability
- CVE-2026-32447 - Atarim Visual Collaboration Missing Authorization Vulnerability
- CVE-2026-32446 - WPForms Lite Missing Authorization Vulnerability
- CVE-2026-32455 - RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter Cross-site Scripting
- CVE-2026-32445 - Elementor Website Builder Missing Authorization Vulnerability
- CVE-2026-32443 - WooCommerce Product Feed PRO CSRF Vulnerability
- CVE-2026-32459 - Flycart UpsellWP SQL Injection
- CVE-2026-32454 - Avada ThemeFusion Cross-site Scripting (XSS)
- CVE-2026-32449 - Themifyme Themify Event Post Stored Cross-site Scripting
- CVE-2026-32440 - Ex-Themes WP Food Unauthenticated Access Control Bypass
- CVE-2026-32462 - Liton Arefin Master Addons for Elementor Cross-site Scripting
- CVE-2026-4111 - Libarchive RAR5 Archive Decompression Infinite Loop Denial of Service Vulnerability
- CVE-2026-23943 - Erlang OTP SSH Compression Bomb DoS
- CVE-2026-23942 - Erlang OTP SSH SFTP Path Traversal Vulnerability
- CVE-2026-4105 - Systemd Machined Improper Access Control Vulnerability
- CVE-2026-3986 - WordPress Calculated Fields Form Stored Cross-Site Scripting Vulnerability
- CVE-2026-3999 - Apache HTTP Server Privilege Escalation Vulnerability
- CVE-2026-23941 - Erlang OTP HTTP Request Smuggling
- CVE-2026-3873 - Avantra Hard-coded Credentials Authentication Bypass
- CVE-2026-24097 - Checkmk Unauthenticated Information Disclosure
- CVE-2026-2879 - WordPress GetGenie Plugin Insecure Direct Object Reference
- CVE-2026-2859 - Checkmk Information Disclosure
- CVE-2026-2888 - Formidable Forms WordPress Authorization Bypass
- CVE-2026-4063 - WPZOOM Social Icons Widget & Block Unauthenticated Data Modification Vulnerability
- CVE-2026-2257 - WordPress GetGenie Plugin Insecure Direct Object Reference and Stored Cross-Site Scripting Vulnerability
- CVE-2026-3045 - WordPress Simply Schedule Appointments Unauthenticated Data Exposure Vulnerability
- CVE-2026-2890 - WordPress Formidable Forms Stripe Payment Integrity Bypass
- CVE-2026-1704 - WordPress Simply Schedule Appointments Booking Plugin Insecure Direct Object Reference
- CVE-2026-3891 - Pix for WooCommerce Arbitrary File Upload Vulnerability
- CVE-2025-15515 - Adobe EasyShare Authentication Bypass Data Leakage
- CVE-2025-8766 - Multi-Cloud Object Gateway Core Container Group Privilege Escalation Vulnerability
- CVE-2026-22215 - WordPress wpDiscuz CSRF
- CVE-2026-22216 - WordPress Discuz Unauthenticated Email Notification Subscription Vulnerability
- CVE-2026-22201 - wpDiscuz IP Spoofing Vulnerability
- CVE-2026-22203 - WordPress wpDiscuz Information Disclosure Vulnerability
- CVE-2026-22204 - WordPress wpDiscuz Email Header Injection Vulnerability
- CVE-2026-22191 - Adobe wpDiscuz Cross-Site Scripting (XSS)
- CVE-2026-22199 - WordPress wpDiscuz Cross-Site Request Forgery (CSRF) and Vote Manipulation Vulnerability
- CVE-2025-57849 - Apache Fuse Container Privilege Escalation Vulnerability
- CVE-2026-22210 - WordPress wpDiscuz Cross-Site Scripting Vulnerability
- CVE-2026-22182 - WordPress wpDiscuz Unauthenticated Denial of Service
- CVE-2026-22209 - WordPress Discuz Cross-Site Scripting Vulnerability
- CVE-2026-22192 - WordPress Discuz Stored Cross-Site Scripting Vulnerability
- CVE-2026-22183 - Apache wpDiscuz Stored Cross-Site Scripting
- CVE-2026-32612 - Statamic: privilege escalation via stored cross-site scripting