Common Vulnerabilities and Exposures (CVE)

CVE-2026-3178

Mar 11, 2026 11:09:10 UTC

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes...

CVE-2026-3805

Mar 11, 2026 10:16:34 UTC

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

CVE-2026-3784

Mar 11, 2026 10:16:32 UTC

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

CVE-2026-3783

Mar 11, 2026 10:16:31 UTC

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redir...

CVE-2026-1965

Mar 11, 2026 10:08:52 UTC

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to a...

CVE-2025-9820

Mar 11, 2026 10:00:24 UTC

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-siz...

CVE-2025-14087

Mar 11, 2026 09:55:03 UTC

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously...

CVE-2026-3231

Mar 11, 2026 09:25:44 UTC

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all...

CVE-2026-3906

Mar 11, 2026 09:25:44 UTC

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. ...

CVE-2026-3492

Mar 11, 2026 09:25:43 UTC

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the `create_from_template` AJAX endpoin...

CVE-2026-1992

Mar 11, 2026 09:25:43 UTC

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accept...

CVE-2026-1993

Mar 11, 2026 09:25:42 UTC

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names with...

CVE-2025-54820

Mar 11, 2026 09:05:59 UTC

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauth...

CVE-2025-14831

Mar 11, 2026 08:48:55 UTC

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and...

CVE-2026-1454

Mar 11, 2026 08:24:46 UTC

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitiz...