CVEs from 2026
- Total: 14,386
- critical: 1,271
- high: 4,880
- medium: 4,570
- low: 497
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10305 | medium | 6.1 | 6.1 | 1d ago | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. | |||
| CVE-2026-6657 | medium | 6.1 | 6.1 | 2d ago | A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use o… | |||
| CVE-2026-20175 | medium | 6.1 | 6.1 | 2d ago | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to b… | |||
| CVE-2026-20233 | medium | 6.1 | 6.1 | 2d ago | A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this… | |||
| CVE-2026-41569 | medium | 6.1 | 6.1 | 3d ago | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper UR… | |||
| CVE-2026-40181 | medium | 6.1 | 6.1 | 3d ago | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p… | |||
| CVE-2026-33553 | medium | 6.1 | 6.1 | 3d ago | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. | |||
| CVE-2026-30586 | medium | 6.1 | 6.1 | 3d ago | Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View … | |||
| CVE-2026-40713 | medium | 6.1 | 6.1 | 3d ago | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit… | |||
| CVE-2026-2425 | medium | 6.1 | 6.1 | 3d ago | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input … | |||
| CVE-2026-1451 | medium | 6.1 | 6.1 | 3d ago | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi… | |||
| CVE-2026-1450 | medium | 6.1 | 6.1 | 3d ago | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc… | |||
| CVE-2026-10510 | medium | 6.1 | 6.1 | 3d ago | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute ar… | |||
| CVE-2026-45278 | medium | 6.1 | 6.1 | 4d ago | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses … | |||
| CVE-2026-42253 | medium | 6.1 | 6.1 | 4d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies … | |||
| CVE-2026-5071 | medium | 6.1 | 6.1 | 6d ago | The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socke… | |||
| CVE-2026-49384 | medium | 6.1 | 6.1 | 7d ago | In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | |||
| CVE-2026-49380 | medium | 6.1 | 6.1 | 7d ago | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | |||
| CVE-2026-49375 | medium | 6.1 | 6.1 | 7d ago | In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page | |||
| CVE-2026-36324 | medium | 6.1 | 6.1 | 7d ago | SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php. | |||
| CVE-2026-9646 | medium | 6.1 | 6.1 | 8d ago | A reflected cross-site scripting issue exists in URL handling. | |||
| CVE-2026-47328 | medium | 6.1 | 6.1 | 8d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug… | |||
| CVE-2026-45307 | medium | 6.1 | 6.1 | 8d ago | Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urlj… | |||
| CVE-2026-7660 | medium | 6.1 | 6.1 | 8d ago | The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20. This is due to insufficient input sani… | |||
| CVE-2026-44681 | medium | 6.1 | 6.1 | 9d ago | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza… | |||
| CVE-2026-44475 | medium | 6.1 | 6.1 | 9d ago | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va… | |||
| CVE-2026-49102 | medium | 6.1 | 6.1 | 9d ago | Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain). | |||
| CVE-2026-47119 | medium | 6.1 | 6.1 | 9d ago | Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im… | |||
| CVE-2026-3349 | medium | 6.1 | 6.1 | 9d ago | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insuffic… | |||
| CVE-2026-8906 | medium | 6.1 | 6.1 | 9d ago | The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This ma… | |||
| CVE-2026-3001 | medium | 6.1 | 6.1 | 9d ago | The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output… | |||
| CVE-2026-8707 | medium | 6.1 | 6.1 | 9d ago | The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and outp… | |||
| CVE-2026-8911 | medium | 6.1 | 6.1 | 9d ago | The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This … | |||
| CVE-2026-44897 | medium | 6.1 | 6.1 | 10d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM… | |||
| CVE-2026-44708 | medium | 6.1 | 6.1 | 10d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con… | |||
| CVE-2026-44899 | medium | 6.1 | 6.1 | 10d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^… | |||
| CVE-2026-44896 | medium | 6.1 | 6.1 | 10d ago | Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc… | |||
| CVE-2026-30894 | medium | 6.1 | 6.1 | 10d ago | Lack of output escaping leads to a XSS vector in the content history component. | |||
| CVE-2026-48903 | medium | 6.1 | 6.1 | 10d ago | Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | |||
| CVE-2026-48905 | medium | 6.1 | 6.1 | 10d ago | Lack of input filtering leads to an XSS vector in the HTML filter code. | |||
| CVE-2026-25901 | medium | 6.1 | 6.1 | 10d ago | Lack of output escaping leads to a XSS vector in the multilingual associations component. | |||
| CVE-2026-25900 | medium | 6.1 | 6.1 | 10d ago | Lack of output escaping leads to a XSS vector in the feed modules. | |||
| CVE-2026-30895 | medium | 6.1 | 6.1 | 10d ago | Lack of output escaping leads to a XSS vector in the readmore links for com_content. | |||
| CVE-2026-47070 | medium | 6.1 | 6.1 | 11d ago | HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney | |||
| CVE-2026-45249 | medium | 6.1 | 6.1 | 11d ago | A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0,… | |||
| CVE-2026-36226 | medium | 6.1 | 6.1 | 14d ago | Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone… | |||
| CVE-2026-42506 | medium | 6.1 | 6.1 | 14d ago | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… | |||
| CVE-2026-42502 | medium | 6.1 | 6.1 | 14d ago | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… | |||
| CVE-2026-27136 | medium | 6.1 | 6.1 | 14d ago | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… | |||
| CVE-2026-25681 | medium | 6.1 | 6.1 | 14d ago | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… | |||
| CVE-2026-6864 | medium | 6.1 | 6.1 | 14d ago | The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sani… | |||
| CVE-2026-3481 | medium | 6.1 | 6.1 | 14d ago | The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input saniti… | |||
| CVE-2026-6841 | medium | 6.1 | 6.1 | 15d ago | Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav… | |||
| CVE-2026-22880 | medium | 6.1 | 6.1 | 15d ago | Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma… | |||
| CVE-2026-47099 | medium | 6.1 | 6.1 | 16d ago | TeleJSON: DOM XSS via unsanitised constructor name in `new Function()` | |||
| CVE-2026-26028 | medium | 6.1 | 6.1 | 16d ago | CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS | |||
| CVE-2026-30691 | medium | 6.1 | 6.1 | 16d ago | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanit… | |||
| CVE-2026-5776 | medium | 6.1 | 6.1 | 16d ago | The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks | |||
| CVE-2026-8627 | medium | 6.1 | 6.1 | 16d ago | The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_pa… | |||
| CVE-2026-8626 | medium | 6.1 | 6.1 | 16d ago | The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output… | |||
| CVE-2026-8624 | medium | 6.1 | 6.1 | 16d ago | The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input san… | |||
| CVE-2026-8420 | medium | 6.1 | 6.1 | 16d ago | The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a func… | |||
| CVE-2026-7462 | medium | 6.1 | 6.1 | 16d ago | The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitiz… | |||
| CVE-2026-6395 | medium | 6.1 | 6.1 | 16d ago | The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of n… | |||
| CVE-2026-6391 | medium | 6.1 | 6.1 | 16d ago | The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect no… | |||
| CVE-2026-6871 | medium | 6.1 | 6.1 | 17d ago | This module enables you to obfuscate email addresses in content. The module doesn't sufficiently sanitize user input via the Twig filter. This vulnerability is mitigated by the fact that it only af… | |||
| CVE-2026-6367 | medium | 6.1 | 6.1 | 17d ago | Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross s… | |||
| CVE-2026-6365 | medium | 6.1 | 6.1 | 17d ago | Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting (XSS) vulnerability. | |||
| CVE-2026-6095 | medium | 6.1 | 6.1 | 17d ago | The IframeConsent element writes HTML attributes without escaping their value. This module has a XSS vulnerability. If an attacker is able to write an `<iframe-consent>` tag, they may be able to ins… | |||
| CVE-2026-5090 | medium | 6.1 | 6.1 | 17d ago | Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could… | |||
| CVE-2026-31906 | medium | 6.1 | 6.1 | 17d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad… | |||
| CVE-2026-31379 | medium | 6.1 | 6.1 | 17d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of… | |||
| CVE-2026-34000 | medium | 6.1 | 6.1 | 18d ago | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at… | |||
| CVE-2026-45243 | medium | 6.1 | 6.1 | 18d ago | Summarize contains a missing authorization vulnerability | |||
| CVE-2026-45231 | medium | 6.1 | 6.1 | 18d ago | DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side san… | |||
| CVE-2026-29965 | medium | 6.1 | 6.1 | 18d ago | HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate… | |||
| CVE-2026-29964 | medium | 6.1 | 6.1 | 18d ago | HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS… | |||
| CVE-2026-8656 | medium | 6.1 | 6.1 | 20d ago | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an appli… | |||
| CVE-2026-44366 | medium | 6.1 | 6.1 | 21d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS com… | |||
| CVE-2026-45314 | medium | 6.1 | 6.1 | 22d ago | Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image | |||
| CVE-2026-44898 | medium | 6.1 | 6.1 | 22d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a… | |||
| CVE-2026-41932 | medium | 6.1 | 6.1 | 22d ago | Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name fiel… | |||
| CVE-2026-24710 | medium | 6.1 | 6.1 | 22d ago | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. | |||
| CVE-2026-21730 | medium | 6.1 | 6.1 | 22d ago | Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and p… | |||
| CVE-2026-43644 | medium | 6.1 | 6.1 | 22d ago | podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without … | |||
| CVE-2026-6417 | medium | 6.1 | 6.1 | 22d ago | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient… | |||
| CVE-2026-44437 | medium | 6.1 | 6.1 | 23d ago | The Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he… | |||
| CVE-2026-44372 | medium | 6.1 | 6.1 | 23d ago | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after… | |||
| CVE-2026-8496 | medium | 6.1 | 6.1 | 23d ago | A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated S… | |||
| CVE-2026-41255 | medium | 6.1 | 6.1 | 23d ago | CKAN has CSRF exemption primed by anonymous requests | |||
| CVE-2026-44580 | medium | 6.1 | 6.1 | 23d ago | Next.js has cross-site scripting in beforeInteractive scripts with untrusted input | |||
| CVE-2026-45028 | medium | 6.1 | 6.1 | 23d ago | Astro: Server island encrypted parameters vulnerable to cross-component replay | |||
| CVE-2026-44665 | medium | 6.1 | 6.1 | 23d ago | fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes | |||
| CVE-2026-44664 | medium | 6.1 | 6.1 | 23d ago | fast-xml-builder Comment Value regex can be bypassed | |||
| CVE-2026-44455 | medium | 6.1 | 6.1 | 23d ago | hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection | |||
| CVE-2026-44245 | medium | 6.1 | 6.1 | 24d ago | Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component | |||
| CVE-2026-42338 | medium | 6.1 | 6.1 | 24d ago | ip-address has XSS in Address6 HTML-emitting methods | |||
| CVE-2026-20771 | medium | 6.1 | 6.1 | 24d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an… | |||
| CVE-2026-33862 | medium | 6.1 | 6.1 | 24d ago | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All … | |||
| CVE-2026-7561 | medium | 6.1 | 6.1 | 24d ago | The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a fu… |