Recent vulnerabilities
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-hvv7-hfrh-7gxj | 6.5 (3.1) | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenti… | 2026-05-23T00:18:33Z | 2026-05-23T00:18:34Z |
| ghsa-99gv-2m7h-3hh9 | 9.9 (3.1) | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | 2026-05-23T00:17:58Z | 2026-05-23T00:17:58Z |
| ghsa-jpjh-jm2p-39hh | 8.8 (3.1) | Arcane: Missing admin authorization on global variables endpoint | 2026-05-23T00:16:56Z | 2026-05-23T00:16:56Z |
| ghsa-ggxf-37hm-9wqf | 6.5 (3.1) | instagrapi: Unsafe signup challenge path handling in instagrapi | 2026-05-23T00:12:34Z | 2026-05-23T00:12:34Z |
| ghsa-jh37-x3fv-4x72 | 6.5 (3.1) | aiograpi: Unsafe signup challenge path handling | 2026-05-23T00:11:53Z | 2026-05-23T00:11:53Z |
| ghsa-38m6-82c8-4xfm | 8.7 (4.0) | Parse Server: Pre-authentication denial of service via client version header regex backtracking | 2026-05-23T00:11:25Z | 2026-05-23T00:11:25Z |
| ghsa-rxf6-wjh4-jfj6 | 5.4 (3.1) | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ow… | 2026-05-23T00:08:45Z | 2026-05-23T00:08:45Z |
| ghsa-w4g9-mxgg-j532 | 8.5 (3.1) | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/not… | 2026-05-23T00:08:04Z | 2026-05-23T00:08:04Z |
| ghsa-97r5-pg8x-p63p | | Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance | 2026-05-22T17:48:54Z | 2026-05-22T17:48:54Z |
| ghsa-7m8f-hgjq-8gc9 | 7.5 (3.1) | aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler | 2026-05-22T17:27:56Z | 2026-05-22T17:27:56Z |
| ghsa-q8mj-m7cp-5q26 | 5.3 (3.1), 6.3 (4.0) | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in… | 2026-05-22T17:27:19Z | 2026-05-22T17:27:19Z |
| ghsa-qqqm-5547-774x | 9.3 (4.0) | FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory | 2026-05-22T17:26:25Z | 2026-05-22T17:26:25Z |
| ghsa-jwvv-qr7q-cv8j | 9.8 (3.1) | YesWiki: Unauthenticated SQL Injection | 2026-05-22T15:39:07Z | 2026-05-22T15:39:07Z |
| ghsa-6gxq-f64p-5w6f | 5.7 (3.1) | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server | 2026-05-22T13:14:38Z | 2026-05-22T13:14:38Z |
| ghsa-2rgj-gx5x-f62w | 4.1 (3.1) | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a cha… | 2026-05-22T13:14:02Z | 2026-05-22T13:14:02Z |
| ghsa-4g75-9r48-jf92 | 4.1 (3.1) | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking | 2026-05-22T13:11:29Z | 2026-05-22T13:11:29Z |
| ghsa-p93h-f2jc-477j | 4.1 (3.1) | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server | 2026-05-22T13:10:55Z | 2026-05-22T13:10:55Z |
| ghsa-x7jf-v64x-878j | 5.3 (3.1) | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versi… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-x4qq-w73c-72mv | 5.4 (3.1) | A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior ver… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-pq4x-338r-cq3h | 5.4 (3.1) | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and … | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-jrc7-p252-6hpq | 4.3 (3.1) | The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-hvqp-vjwf-27jg | 7.5 (3.1) | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-hg7j-7v3f-fjq2 | 7.5 (3.1) | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to autho… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-92j9-vfpr-4xhf | 4.3 (3.1) | The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordP… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-273r-585g-q7wv | 4.3 (3.1) | The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable … | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |
| ghsa-jvg6-x4cw-2wj7 | 8.8 (3.1) | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to … | 2026-05-22T06:31:39Z | 2026-05-22T06:31:39Z |
| ghsa-v8xg-3gv8-m4wc | 4.3 (3.1) | The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver… | 2026-05-22T06:31:38Z | 2026-05-22T06:31:38Z |
| ghsa-p9mp-xq3w-289v | 6.1 (3.1) | The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'short… | 2026-05-22T06:31:38Z | 2026-05-22T06:31:38Z |
| ghsa-m4c4-9rgw-f76c | 6.4 (3.1) | The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's… | 2026-05-22T06:31:38Z | 2026-05-22T06:31:39Z |
| ghsa-jjqp-72fq-xmqp | 4.3 (3.1) | The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activat… | 2026-05-22T06:31:38Z | 2026-05-22T06:31:38Z |