Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-23
CVE-2026-0821 - Quickjs Plugin
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.
PLUGIN
Quickjs
CVE-2026-0821
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14555 - Widget Countdown Plugin
The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevart_countdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Widget Countdown
CVE-2025-14555
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14506 - Convertforce Popup Builder Plugin
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's `entrance_animation` attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Convertforce Popup Builder
CVE-2025-14506
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-0831 - Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Plugin
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
PLUGIN
Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
CVE-2026-0831
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14976 - User Registration Plugin
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the 'process_row_actions' function with the 'delete' action. This makes it possible for unauthenticated attackers to delete arbitrary post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
User Registration
CVE-2025-14976
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-22773 - Vllm Plugin
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.
PLUGIN
Vllm
CVE-2026-22773
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22705 - Signatures Plugin
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
PLUGIN
Signatures
CVE-2026-22705
Risk Score
Threat Entry
Updated 2026-02-05
CVE-2026-22703 - Cosign Plugin
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's public key from either a Fulcio certificate or provided by the user, and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response…
PLUGIN
Cosign
CVE-2026-22703
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14948 - Miniorange Otp Verification And Sms Notification For Woocommerce Plugin
The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and including, 4.3.8. This makes it possible for unauthenticated attackers to enable or disable SMS notification settings for WooCommerce orders.
PLUGIN
Miniorange Otp Verification And Sms Notification For Woocommerce
CVE-2025-14948
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2026-22702 - Virtualenv Plugin
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
PLUGIN
Virtualenv
CVE-2026-22702
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14943 - Blog2social Plugin
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the 'read' capability (Subscriber-level) and a valid nonce, but fails to verify whether the user has permission to access the specific post being requested. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password-protected, private, or draft posts.
PLUGIN
Blog2social
CVE-2025-14943
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22701 - Filelock Plugin
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing…
PLUGIN
Filelock
CVE-2026-22701
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2026-22693 - Harfbuzz Plugin
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and…
PLUGIN
Harfbuzz
CVE-2026-22693
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2026-22689 - Mailpit Plugin
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally, establishes a WebSocket connection to the victim's Mailpit instance (default ws://localhost:8025). This allows the attacker to intercept sensitive data such as email contents, headers, and server statistics in real-time. This issue has been patched in…
PLUGIN
Mailpit
CVE-2026-22689
Risk Score
Threat Entry
Updated 2026-01-15
CVE-2026-22596 - Ghost Plugin
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
PLUGIN
Ghost
CVE-2026-22596
Risk Score
Threat Entry
Updated 2026-02-05
CVE-2026-22030 - React Router Plugin
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode () or Data Mode (createBrowserRouter/) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0.
PLUGIN
React Router
CVE-2026-22030
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-22604 - Openproject Plugin
OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/change_password endpoint with an arbitrary User ID as the password_change_user_id parameter, the resulting error page would show the username for the requested user. Since this endpoint is intended to be called without being authenticated, this allows to enumerate the user names of all accounts registered in an OpenProject instance. This issue has been patched in version 16.6.2.
PLUGIN
Openproject
CVE-2026-22604
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-22603 - Openproject Plugin
OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint (/account/change_password) was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker who can guess or enumerate user IDs can send unlimited password-change requests for a given account without triggering lockout or other rate-limiting controls. This allows automated password-guessing (e.g., with wordlists of common passwords) against valid accounts. Successful guessing results in full account compromise for the targeted user and, depending on that user’s role,…
PLUGIN
Openproject
CVE-2026-22603
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-22605 - Openproject Plugin
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3.
PLUGIN
Openproject
CVE-2026-22605
Risk Score
Threat Entry
Updated 2026-01-16
CVE-2026-22025 - CryptoLib Plugin
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3.
PLUGIN
CryptoLib
CVE-2026-22025
Risk Score