CVE ID :CVE-2026-4021 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in…
CVE-2026-4001 – Woocommerce Custom Product Addons Pro <= 5.4.1 – Unauthenticated Remote Code Execution via Custom Pricing Formula
CVE ID :CVE-2026-4001 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions…
CVE-2026-3533 – JupiterX Core <= 4.14.1 – Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import
CVE ID :CVE-2026-3533 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on…
CVE-2026-33286 – Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
CVE ID :CVE-2026-33286 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions…
CVE-2026-33241 – Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing
CVE ID :CVE-2026-33241 Published : March 24, 2026, 12:16 a.m. | 17 minutes ago Description :Salvo is a Rust web framework. Prior to version 0.89.3, Salvo’s form data parsing implementations (`form_data()` method and…
CVE-2026-4565 – Tenda AC21 SetNetControlList formSetQosBand buffer overflow
CVE ID :CVE-2026-4565 Published : March 23, 2026, 1:16 a.m. | 47 minutes ago Description :A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing…
CVE-2026-4606 – GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
CVE ID :CVE-2026-4606 Published : March 23, 2026, 1:05 a.m. | 58 minutes ago Description :GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to…
CVE-2026-4558 – Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
CVE ID :CVE-2026-4558 Published : March 22, 2026, 6:16 p.m. | 5 hours, 47 minutes ago Description :A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file…
CVE-2026-4555 – D-Link DIR-513 boa formEasySetTimezone memory corruption
CVE ID :CVE-2026-4555 Published : March 22, 2026, 5:17 p.m. | 6 hours, 46 minutes ago Description :A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of…
CVE-2026-33295 – AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php
CVE ID :CVE-2026-33295 Published : March 22, 2026, 5:17 p.m. | 6 hours, 46 minutes ago Description :WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site…