Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-22
CVE-2026-0880 - Firefox ESR Plugin
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0880
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0877 - Firefox ESR Plugin
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0877
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0878 - Firefox ESR Plugin
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0878
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0883 - Firefox ESR Plugin
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
PLUGIN
Firefox ESR
CVE-2026-0883
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-0684 - Cp Image Store Plugin
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.
PLUGIN
Cp Image Store
CVE-2026-0684
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2025-9427 - WordPress Core
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress add on: 2025.7.1.
CORE
WordPress Core
CVE-2025-9427
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2025-14507 - Bookings And Tickets Plugin
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names, email addresses, ticket details, payment information, and order keys when the API is enabled by an administrator. The vulnerability was partially patched in version 4.2.7.0.
PLUGIN
Bookings And Tickets
CVE-2025-14507
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-0859 - TYPO3 CMS Plugin
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
PLUGIN
TYPO3 CMS
CVE-2026-0859
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14001 - Wp Duplicate Page Plugin
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate arbitrary posts, pages, and WooCommerce HPOS orders even when their role is explicitly excluded from the plugin's "Allowed User Roles" setting, potentially exposing sensitive information and allowing duplicate fulfillment of WooCommerce orders.
PLUGIN
Wp Duplicate Page
CVE-2025-14001
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-10915 - Dreamer Blog Theme
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.
THEME
Dreamer Blog
CVE-2025-10915
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2025-14829 - Through 2 Plugin
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
PLUGIN
Through 2
CVE-2025-14829
Risk Score
Threat Entry
Updated 2026-01-16
CVE-2026-0514 - SAP Business Connector Plugin
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
PLUGIN
SAP Business Connector
CVE-2026-0514
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0507 - SAP Application Server for ABAP and SAP NetWeaver RFCSDK Plugin
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.
PLUGIN
SAP Application Server for ABAP and SAP NetWeaver RFCSDK
CVE-2026-0507
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0511 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0511
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0506 - SAP NetWeaver Application Server ABAP and ABAP Platform Plugin
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.
PLUGIN
SAP NetWeaver Application Server ABAP and ABAP Platform
CVE-2026-0506
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0513 - SAP Supplier Relationship Management (SICF Handler in SRM Catalog) Plugin
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.
PLUGIN
SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
CVE-2026-0513
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0504 - SAP Identity Management Plugin
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification of data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
PLUGIN
SAP Identity Management
CVE-2026-0504
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0510 - NW AS Java UME User Mapping Plugin
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.
PLUGIN
NW AS Java UME User Mapping
CVE-2026-0510
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0501 - SAP S/4HANA Private Cloud and On-Premise (Financials � General Ledger) Plugin
Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application.
PLUGIN
SAP S/4HANA Private Cloud and On-Premise (Financials � General Ledger)
CVE-2026-0501
Risk Score
Threat Entry
Updated 2026-01-22
CVE-2026-0500 - SAP Wily Introscope Enterprise Manager (WorkStation) Plugin
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.
PLUGIN
SAP Wily Introscope Enterprise Manager (WorkStation)
CVE-2026-0500
Risk Score