293 matches found
CVE-2026-55477
3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...
CVE-2026-56051
The CVE-2026-56051 entry describes an unauthenticated reflected XSS vulnerability in the WordPress TablePress plugin, affecting versions
Command Injection
Overview: degit is a Straightforward project scaffolding. Affected versions of this package are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with the exec method by the cloneWithGit and fetchRefs functions. An attacker can execute...
CVE-2025-62233
CVE-2025-62233 concerns Apache DolphinScheduler’s RPC module. A deserialization of untrusted data vulnerability affects versions >= 3.2.0 and
CVE-2026-2505 Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'z_taxonomy_image' Shortcode
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...
WordPress Categories Images plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Categories Images versions <= 3.3.1...
Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.1 (CUDA)
Red Hat AI Inference Server 3.3.1 CUDA is now available. Red Hat® AI Inference Server...
Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.1 (ROCm)
Red Hat AI Inference Server 3.3.1 ROCm is now available. Red Hat® AI Inference Server...
CVE-2026-40734 WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Images: from n/a through <= 3.3.1...
CVE-2026-40734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Images: from n/a through <= 3.3.1...
PT-2026-33042
Name of the Vulnerable Software and Affected Versions: Zahlan Categories Images versions n/a through 3.3.1. Description: Improper neutralization of input during web page generation in the categories-images component allows DOM-Based Cross-Site Scripting (XSS), a flaw where the application contains...
SUSE CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-32363
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...
EUVD-2026-11855
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...
CVE-2026-32363 WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...
CVE-2026-32363
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...
PT-2026-25210
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLifeCycle: from n/a through <= 3.3.1...
CVE-2025-7706 Improper Access Control in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...