
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 101-120 of 917 records (all critical severity)
Threat Entry Updated 2026-01-21

CVE-2026-22794 - Appsmith Plugin

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

PLUGIN Appsmith

CVE-2026-22794

CRITICAL CVSS 9.6 2026-01-12
Threat Entry Updated 2026-01-21

CVE-2026-22799 - Emlog Plugin

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key or admin session cookie) to upload arbitrary files (including malicious PHP scripts) to the server. An attacker can obtain the API key either by gaining administrator access to enable the REST API setting, or via information disclosure vulnerabilities in the application. Once uploaded, the malicious PHP file…

PLUGIN Emlog

CVE-2026-22799

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-02-26

CVE-2026-22785 - Orval Plugin

orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.

PLUGIN Orval

CVE-2026-22785

CRITICAL CVSS 9.3 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22781 - TinyWeb Plugin

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess(). An unauthenticated remote attacker can execute arbitrary commands on the server by injecting Windows shell metacharacters into HTTP requests. This vulnerability is fixed in 1.98.

PLUGIN TinyWeb

CVE-2026-22781

CRITICAL CVSS 10.0 2026-01-12
Threat Entry Updated 2026-01-16

CVE-2026-22783 - Iris Web Plugin

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target…

PLUGIN Iris Web

CVE-2026-22783

CRITICAL CVSS 9.6 2026-01-12
Threat Entry Updated 2026-01-15

CVE-2026-22252 - LibreChat Plugin

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

PLUGIN LibreChat

CVE-2026-22252

CRITICAL CVSS 9.1 2026-01-12
Threat Entry Updated 2026-01-22

CVE-2026-22688 - WeKnora Plugin

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.

PLUGIN WeKnora

CVE-2026-22688

CRITICAL CVSS 9.9 2026-01-10
Threat Entry Updated 2026-01-14

CVE-2026-22600 - Openproject Plugin

OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file (disguised as a PNG) as a work package attachment, an attacker can exploit the backend image processing engine (ImageMagick). When the work package is exported to PDF, the backend attempts to resize the image, triggering the ImageMagick text: coder. This allows an attacker to read arbitrary local files that the application user has permissions to…

PLUGIN Openproject

CVE-2026-22600

CRITICAL CVSS 9.1 2026-01-10
Threat Entry Updated 2026-01-22

CVE-2026-22584 - Uni2TS Plugin

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0.

PLUGIN Uni2TS

CVE-2026-22584

CRITICAL CVSS 9.8 2026-01-09
Threat Entry Updated 2026-01-13

CVE-2025-14741 - Acf Frontend Form Element Plugin

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated attackers to delete arbitrary posts, pages, products, taxonomy terms, and user accounts.

PLUGIN Acf Frontend Form Element

CVE-2025-14741

CRITICAL CVSS 9.1 2026-01-09
Threat Entry Updated 2026-01-13

CVE-2025-14736 - Frontend Admin By Dynamiapps Plugin

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field.

PLUGIN Frontend Admin By Dynamiapps

CVE-2025-14736

CRITICAL CVSS 9.8 2026-01-09
Threat Entry Updated 2026-02-18

CVE-2026-22234 - eCase Portal Plugin

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files.

PLUGIN eCase Portal

CVE-2026-22234

CRITICAL CVSS 9.3 2026-01-08
Threat Entry Updated 2026-01-08

CVE-2026-22034 - Snuffleupagus Plugin

Snuffleupagus is a module that raises the cost of attacks against websites by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream validation scripts based on Vulcan Logic Disassembler (VLD) while the VLD extension is not available to the CLI SAPI, all files from multipart POST requests are evaluated as PHP code. The issue was fixed in version 0.13.0.

PLUGIN Snuffleupagus

CVE-2026-22034

CRITICAL CVSS 9.2 2026-01-08
Threat Entry Updated 2026-01-12

CVE-2026-21891 - ZimaOS Plugin

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a known system service account. The application's login function fails to properly handle the password validation result for these users, effectively granting authenticated access to anyone who knows one of these common usernames and provides any password. As of time of publication, no…

PLUGIN ZimaOS

CVE-2026-21891

CRITICAL CVSS 9.4 2026-01-08
Threat Entry Updated 2026-02-23

CVE-2026-21876 - Coreruleset Plugin

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has…

PLUGIN Coreruleset

CVE-2026-21876

CRITICAL CVSS 9.3 2026-01-08
Threat Entry Updated 2026-01-20

CVE-2026-21881 - Kanboard Plugin

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.

PLUGIN Kanboard

CVE-2026-21881

CRITICAL CVSS 9.1 2026-01-08
Threat Entry Updated 2026-01-20

CVE-2026-21877 - N8n Plugin

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

PLUGIN N8n

CVE-2026-21877

CRITICAL CVSS 9.9 2026-01-08
Threat Entry Updated 2026-01-27

CVE-2026-21875 - Clipbucket V5 Plugin

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The obj_id parameter within the POST request to /actions/ajax.php is then used within the user_exists function of the upload/includes/classes/user.class.php file as the $id parameter. It is then used within the count function of the upload/includes/classes/db.class.php file. The $id parameter is concatenated into the…

PLUGIN Clipbucket V5

CVE-2026-21875

CRITICAL CVSS 9.8 2026-01-08
Threat Entry Updated 2026-01-16

CVE-2026-21858 - N8n Plugin

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

PLUGIN N8n

CVE-2026-21858

CRITICAL CVSS 10.0 2026-01-08
Threat Entry Updated 2026-02-03

CVE-2026-21854 - Tarkov Data Manager Plugin

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.

PLUGIN Tarkov Data Manager

CVE-2026-21854

CRITICAL CVSS 9.8 2026-01-07