643 matches found
CVE-2026-48165
Disclaimer: This data contains information about vulnerable...
CVE-2026-44168
Disclaimer: This data contains information about vulnerable...
CVE-2026-44169
Disclaimer: This data contains information about vulnerable...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Affected software is SOPlanning; the vulnerability arises in the groupe_id handling, enabling injection that can affect authenticated users and potentially hijack sessions (per C...
CVE-2026-42048
creationtimestamp | type | source
---|---|---
2026-04-27 10:45:50+00:00 | published-proof-of-concept | https://github.com/langflow-ai/langflow/security/advisories/GHSA-9whx-c884-c68q
2026-05-14 05:44:30+00:00 | seen | ...
CVE-2024-32537
CVE-2024-32537 is a CSRF vulnerability in the Flash Video Player plugin for WordPress (joshuae1974). Public description indicates the issue affects Flash Video Player versions from unspecified earliest through 5.0.4. Connected sources confirm a CSRF flaw; Red Hat and CVE feeds reiterate the same,...
CVE-2024-35644
CVE-2024-35644 describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Preferred Languages” by Pascal Birchler. The issue is caused by improper input neutralization during web page generation, enabling DOM-based XSS. It affects versions from n/a through 2.2.2 of th...
CVE-2024-34438
CVE-2024-34438 is a Missing Authorization vulnerability in the WordPress plugin Shared Files (Download Manager & Media Gallery) affecting versions up to and including 1.7.19. The issue enables unauthorized access to protected resources due to broken access control. The CVSS v3.1 base score is 5....
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates h...
CVE-2024-30461
CVE-2024-30461 affects Tumult Hype Animations (WordPress plugin) up to version 1.9.11. The issue is a DOM-based XSS caused by improper input neutralization during web page generation, enabling script execution in the context of a user’s browser. Public sources consistently describe this as a Cro...
CVE-2023-49186
CVE-2023-49186 affects the WordPress plugin Machic Core (
CVE-2023-3867
In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...
CVE-2023-32253
CVE-2023-32253 affects the Linux kernel’s ksmbd subsystem. A deadlock is triggered by sending multiple concurrent session setup requests, which can lead to a denial of service. Provided sources consistently describe the issue in the ksmbd component and its DoS impact; no explicit exploit details...
CVE-2023-32256
The CVE-2023-32256 entry describes a race condition in the Linux kernel ksmbd component where a race between smb2 close and logoff on multichannel connections can cause a use-after-free. This affects the Linux kernel ksmbd implementation; the vulnerability details include the potential for a secu...
CVE-2014-0468
CVE-2014-0468 affects FusionForge prior to 5.3+20140506, due to a misconfigured Apache setup that allows the web server to execute scripts uploaded by users in raw SCM repositories (SVN, Git, Bzr...). This mode C summary uses concrete details from connected sources: affected product/component (Fu...
CVE-2021-41691
CVE-2021-41691 affects OS4Ed Open Source Information System Community v8.0 (openSIS). The openSIS 8.0 product is reported vulnerable to SQL injection through the POST endpoint /TransferredOutModal.php, using the parameters student_id and TRANSFER[SCHOOL]. The Nuclei template confirms an HTTP POST...
CVE-2024-4025
CVE-2024-4025 describes a DoS in GitLab CE/EE across all versions up to fixed points: 7.10–16.11.4, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1, triggered by processing a crafted Markdown page. The issue's impact is high (availability loss) per CVSS; no exploitation details are provided in the...
CVE-2024-3062
The CVE-2024-3062 entry concerns the WordPress plugin Save as Image by Pdfcrowd (pre-3.2.2). It documents that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Affected com...
CVE-2024-0970
CVE-2024-0970 concerns the WordPress plugin User Activity Tracking and Log (pre-4.1.4). The vulnerability stems from retrieving client IP addresses from untrusted headers, enabling an attacker to spoof/manipulate the logged IP address in activity logs. Public sources in the connected data confirm...
CVE-2024-0249
CVE-2024-0249 affects the WordPress plugin Advanced Schedule Posts (versions ≤ 2.1.8). The vulnerability is a Reflected Cross‑Site Scripting (XSS) caused by not sanitising/escaping a parameter before echoing it on the page, which could impact high‑privilege users (e.g., admins). Exploitation stat...