268 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
EUVD-2026-39756
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
CVE-2026-57641 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
EUVD-2026-39674
Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...
CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...
EUVD-2026-36972
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
PT-2026-49407
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
PT-2026-45502
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...
2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 (KB5088864)
2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 KB5088864...
OESA-2026-2151 libXpm security update
X.Org X11 libXpm runtime library Security Fixes: A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impa...
CVE-2025-15636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through = 3.5.1...
April 14, 2026-KB5084165 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later
None None...
SUSE CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...
CVE-2026-25372 WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...
EUVD-2026-5189
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...
EUVD-2025-206450
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...
Discourse security vulnerabilities
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1....
The x509 application adds trusted use instead of rejected use
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...