Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,262 | Critical: 855 | High: 2,812 | Medium: 10,399
Showing 2061-2080 of 14262 records

CVE-2026-21674 - iccDEV Plugin
Threat Entry Updated 2026-01-12

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in the XML MPE parsing path (iccFromXml). This issue is fixed in version 2.3.1.1.

LOW | CVSS 3.3 | 2026-01-06

CVE-2025-15364 - Download Manager Plugin
Threat Entry Updated 2026-01-08

The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user's identity before updating their details, such as their password. This makes it possible for unauthenticated attackers to change the passwords of any users except administrators and leverage that to gain access to their accounts.

HIGH | CVSS 7.3 | 2026-01-06

CVE-2026-21507 - iccDEV Plugin
Threat Entry Updated 2026-01-12

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function CalcProfileID. This issue is fixed in version 2.3.1.1.

HIGH | CVSS 7.5 | 2026-01-06

CVE-2026-21439 - Badkeys Plugin
Threat Entry Updated 2026-01-12

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters (vertical tabs, ANSI escape sequences, etc.) that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16.

LOW | CVSS 2.0 | 2026-01-06

CVE-2026-0607 - Online Music Site Plugin
Threat Entry Updated 2026-02-23

A flaw has been found in code-projects Online Music Site 1.0. It affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.

MEDIUM | CVSS 6.9 | 2026-01-06

CVE-2026-0606 - Online Music Site Plugin
Threat Entry Updated 2026-01-12

A vulnerability was detected in code-projects Online Music Site 1.0. It affects unknown functionality of the file /FrontEnd/Albums.php. Manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used.

MEDIUM | CVSS 6.9 | 2026-01-05

CVE-2026-0625 - DIR-600 Plugin
Threat Entry Updated 2026-01-08

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device's DNS settings without valid credentials, enabling DNS hijacking ("DNSChanger") attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service and no longer receive security updates. Exploitation evidence was observed…

CRITICAL | CVSS 9.3 | 2026-01-05

CVE-2026-0621 - MCP TypeScript SDK Plugin
Threat Entry Updated 2026-01-30

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.

HIGH | CVSS 8.7 | 2026-01-05

CVE-2026-0605 - Online Music Site Plugin
Threat Entry Updated 2026-02-23

A security vulnerability has been detected in code-projects Online Music Site 1.0. It affects unknown functionality of the file /login.php. Manipulation of the argument username/password leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.

MEDIUM | CVSS 6.9 | 2026-01-05

CVE-2026-21633 - UniFi Protect Application Plugin
Threat Entry Updated 2026-01-30

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.

HIGH | CVSS 8.8 | 2026-01-05

CVE-2026-21634 - UniFi Protect Application Plugin
Threat Entry Updated 2026-01-30

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol, causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.

MEDIUM | CVSS 6.5 | 2026-01-05

CVE-2026-0597 - Supplier Management System Plugin
Threat Entry Updated 2026-01-22

A flaw has been found in Campcodes Supplier Management System 1.0. It affects unknown functionality of the file /retailer/edit_profile.php. Manipulation of the argument txtRetailerAddress causes SQL injection. Remote exploitation is possible. The exploit has been published and may be used.

MEDIUM | CVSS 5.3 | 2026-01-05

CVE-2026-0592 - Online Product Reservation System Plugin
Threat Entry Updated 2026-01-09

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. It affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. Manipulation of the argument fname/lname/address/city/province/country/zip/tel_no/email/username results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

MEDIUM | CVSS 6.9 | 2026-01-05

CVE-2026-0591 - Online Product Reservation System Plugin
Threat Entry Updated 2026-01-09

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Manipulation of the argument id/qty leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.

MEDIUM | CVSS 5.3 | 2026-01-05

CVE-2026-0589 - Online Product Reservation System Plugin
Threat Entry Updated 2026-01-09

A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed remotely. The exploit has been made public and could be used.

MEDIUM | CVSS 6.9 | 2026-01-05

CVE-2026-0590 - Online Product Reservation System Plugin
Threat Entry Updated 2026-01-09

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. Manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.

MEDIUM | CVSS 5.3 | 2026-01-05

CVE-2026-0588 - Rainrock RockOA Plugin
Threat Entry Updated 2026-01-22

A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. It affects unknown functionality of the file rockfun.php of the component API. Manipulation of the argument callback causes cross-site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

MEDIUM | CVSS 5.1 | 2026-01-05

CVE-2026-0586 - Online Product Reservation System Plugin
Threat Entry Updated 2026-01-09

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Manipulation of the argument cat results in cross-site scripting. The attack can be carried out remotely. The exploit is now public and may be used.

MEDIUM | CVSS 5.3 | 2026-01-05

CVE-2026-0587 - Rainrock RockOA Plugin
Threat Entry Updated 2026-01-22

A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. It affects an unknown function of the file rock_page_gong.php of the component Cover Image Handler. Manipulation of the argument fengmian results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

MEDIUM | CVSS 5.1 | 2026-01-05