CVE-2026-4379 (v3: 6.4) 8 Apr 2026

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in the `[gallery]` shortcode in al... Read more ➔

CVE-2026-2988 (v3: 6.4) 8 Apr 2026

The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up... Read more ➔

CVE-2026-5726 (v3: 7.8) 8 Apr 2026

ASDA-Soft Stack-based Buffer Overflow Vulnerability Read more ➔

CVE-2026-1163 (v3: 4.1) 8 Apr 2026

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions... Read more ➔

CVE-2026-3499 (v3: 8.8) 8 Apr 2026

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in v... Read more ➔

CVE-2026-3296 (v3: 9.8) 8 Apr 2026

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrus... Read more ➔

CVE-2026-33810 8 Apr 2026

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a d... Read more ➔

CVE-2026-32289 8 Apr 2026

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches we... Read more ➔

CVE-2026-32288 8 Apr 2026

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded i... Read more ➔

CVE-2026-32283 8 Apr 2026

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrol... Read more ➔

CVE-2026-32282 8 Apr 2026

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the syml... Read more ➔

CVE-2026-32281 8 Apr 2026

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mapp... Read more ➔

CVE-2026-32280 8 Apr 2026

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyO... Read more ➔

CVE-2026-27144 8 Apr 2026

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the... Read more ➔

CVE-2026-27143 8 Apr 2026

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid i... Read more ➔

CVE-2026-27140 8 Apr 2026

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer... Read more ➔

CVE-2025-14732 (v3: 6.4) 8 Apr 2026

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget par... Read more ➔

CVE-2026-4788 (v3: 8.4) 8 Apr 2026

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user. Read more ➔

CVE-2026-3357 (v3: 8.8) 8 Apr 2026

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure def... Read more ➔

CVE-2026-1346 (v3: 9.3) 8 Apr 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access... Read more ➔

CVE-2026-1343 (v3: 7.2) 8 Apr 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access... Read more ➔

CVE-2026-5747 (v3: 7.5) 8 Apr 2026

An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a lo... Read more ➔

CVE-2026-4406 (v3: 4.7) 8 Apr 2026

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX act... Read more ➔

CVE-2026-4401 (v3: 5.4) 8 Apr 2026

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods... Read more ➔

CVE-2026-4394 (v3: 6.1) 8 Apr 2026

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_.4`) in... Read more ➔

Key Capabilities

Latest privacy news tracking

Latest Threat Intelligence

Breach modelling and ROI calculator

Threat Intelligence