54 matches found

RedhatCVE
added 2026/06/05 7:11 p.m., 8 views

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

CVSS: 9.4, AI score: 5.9, EPSS: 0.0586
Exploits: 3, References: 1

CBLMariner
added 2026/06/05 12:59 p.m., 6 views

CVE-2025-0612 affecting package nodejs for versions less than 24.14.1-3

CVE-2025-0612 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00375
Exploits: 0

CBLMariner
added 2026/06/05 12:59 p.m., 9 views

CVE-2026-46483 affecting package vim for versions less than 9.2.0488-1

CVE-2026-46483 affecting package vim for versions less than 9.2.0488-1. An upgraded version of the package is available that resolves this issue...

CVSS: 7, AI score: 5.4, EPSS: 0.00552
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 8 views

CVE-2026-39830 affecting package packer for versions less than 1.9.5-14

CVE-2026-39830 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00392
Exploits: 0

Positive Technologies
added 2026/05/27 12:00 a.m., 14 views

PT-2026-44558

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in PDFium allows a remote attacker to potentially exploit heap corruption through a crafted PDF file. Use after free occurs when an application continues to use ...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00368
Exploits: 0, References: 158

Cvelist
added 2026/05/17 12:11 p.m., 43 views

CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to...

CVSS: 6.9, EPSS: 0.00533
Exploits: 0, References: 4

vulnersOsv
added 2026/04/16 10:36 p.m., 9 views

@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +147 more potentially affected by CVE-2026-41423 via @angular/platform-server (>=0.0.0-0 <=18.2.14)

@angular/platform-server NPM version =0.0.0-0, =5.0.0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 and more Source cves: CVE-2026-41423 Source advisory: OSV:GHSA-45Q2-GJVG-7973...

CVSS: 8.7, AI score: 5.4, EPSS: 0.00256
Exploits: 0

CVE
added 2026/03/25 4:14 p.m., 6 views

CVE-2026-22495

CVE-2026-22495 corresponds to a Local File Inclusion in the WordPress Greenville theme (AncoraThemes Greenville) up to version 1.3.2, caused by improper control of filenames in include/require statements. The CVSSv3.1 base score is 8.1 (HIGH) with network attack vector, high attack complexity, no...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00504
Exploits: 0, References: 1

CVE
added 2026/03/21 12:42 a.m., 14 views

CVE-2026-32058

OpenClaw prior to 2026.2.26 contains an approval context-binding weakness in system.run flows with host=node that allows reuse of previously approved requests after environment variables are modified. Exploitation requires access to an approval id to reuse an approval with changed env input, bypa...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00191
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/03/04 10:22 p.m., 6 views

WordPress Seraphinite Accelerator plugin <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability

Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Seraphinite Accelerator versions <= 2.28.14...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0025
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/02/26 11:33 p.m., 4 views

WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability

WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability discovered by zer0gh0st in WordPress Plugin Xpro Elementor Addons versions <= 1.4.24...

CVSS: 6.4, AI score: 5.4, EPSS: 0.00215
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/02/20 4:22 p.m., 10 views

CVE-2025-69295

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection. This issue affects Coven Core: from n/a through = 1.3...

CVSS: 9.3, EPSS: 0.0041
Exploits: 2, References: 1

Patchstack
added 2026/02/13 11:00 p.m., 3 views

WordPress Best-wp-google-map plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Best-wp-google-map versions <= 2.1...

CVSS: 6.4, AI score: 5.4, EPSS: 0.00245
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/01/27 4:16 p.m., 5 views

AZL-76119 CVE-2026-22795 affecting package edk2 for versions less than 20230301gitf80f052277c8-47

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00144
Exploits: 1, References: 1

Cvelist
added 2026/01/23 2:29 p.m., 30 views

CVE-2026-24595 WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9...

CVSS: 5.4, EPSS: 0.00265
Exploits: 0, References: 1

Positive Technologies
added 2025/12/28 12:00 a.m., 3 views

PT-2025-53670

Name of the Vulnerable Software and Affected Versions: PbootCMS versions prior to 3.2.12. Description: A security issue exists in PbootCMS that allows for remote manipulation of the X-Forwarded-For argument. This manipulation impacts the get user ip function within the core/function/handle.php file,...

CVSS: 6.9, AI score: 6.2, EPSS: 0.00215
Exploits: 1, References: 9

NVD
added 2025/12/09 4:18 p.m., 1 view

CVE-2025-63037

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS. This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

CVSS: 6.5, EPSS: 0.00161
Exploits: 0, References: 1

CVE
added 2025/11/17 11:39 a.m., 16 views

CVE-2025-40936

Summary: CVE-2025-40936 affects Siemens PS/IGES Parasolid Translator Component versions prior to 29.0.258. The connected ZDI advisory (ZDI-25-1042) specifies an out-of-bounds read during IGS file parsing, which can crash the host application or allow arbitrary code execution in the current proces...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00178
Exploits: 0, References: 3

vulnersOsv
added 2025/10/10 10:54 p.m., 6 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +207 more potentially affected by CVE-2025-62706 via authlib (>=1.0.0 <=1.6.4)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-62706 Source advisory:...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00418
Exploits: 1

OSV
added 2025/07/03 9:15 a.m., 6 views

AZL-64604 CVE-2025-38149 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted. There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls device_link_del() to remove the device link, b...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00145
Exploits: 0, References: 1