Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-12
CVE-2026-0404 - RBR750 Plugin
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
PLUGIN
RBR750
CVE-2026-0404
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0885 - Firefox ESR Plugin
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0885
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0890 - Firefox ESR Plugin
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0890
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0888 - Firefox Plugin
Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
PLUGIN
Firefox
CVE-2026-0888
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0886 - Firefox ESR Plugin
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0886
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0887 - Firefox ESR Plugin
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0887
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0883 - Firefox ESR Plugin
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0883
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-0684 - Cp Image Store Plugin
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.
PLUGIN
Cp Image Store
CVE-2026-0684
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2025-14507 - Bookings And Tickets Plugin
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names, email addresses, ticket details, payment information, and order keys when the API is enabled by an administrator. The vulnerability was partially patched in version 4.2.7.0.
PLUGIN
Bookings And Tickets
CVE-2025-14507
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-0859 - TYPO3 CMS Plugin
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
PLUGIN
TYPO3 CMS
CVE-2026-0859
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14001 - Wp Duplicate Page Plugin
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate arbitrary posts, pages, and WooCommerce HPOS orders even when their role is explicitly excluded from the plugin's "Allowed User Roles" setting, potentially exposing sensitive information and allowing duplicate fulfillment of WooCommerce orders.
PLUGIN
Wp Duplicate Page
CVE-2025-14001
Risk Score
Threat Entry
Updated 2026-01-16
CVE-2026-0514 - SAP Business Connector Plugin
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
PLUGIN
SAP Business Connector
CVE-2026-0514
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0513 - SAP Supplier Relationship Management (SICF Handler in SRM Catalog) Plugin
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.
PLUGIN
SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
CVE-2026-0513
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0503 - SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) Plugin
Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.
PLUGIN
SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)
CVE-2026-0503
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0499 - SAP NetWeaver Enterprise Portal Plugin
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
PLUGIN
SAP NetWeaver Enterprise Portal
CVE-2026-0499
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0497 - Business Server Pages Application (Product Designer Web UI) Plugin
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application.
PLUGIN
Business Server Pages Application (Product Designer Web UI)
CVE-2026-0497
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0496 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0496
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0495 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0495
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0494 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0494
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0493 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0493
Risk Score