Common Vulnerabilities and Exposures (CVE)

CVE-2026-3953

May 7, 2026 11:20:11 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Pr...

CVE-2026-33589

May 7, 2026 10:31:52 UTC

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access the content of local files from the docker container via path traversal.

CVE-2026-33588

May 7, 2026 10:28:09 UTC

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

CVE-2026-28201

May 7, 2026 10:23:57 UTC

Improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1, allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via specially crafted malici...

CVE-2026-33587

May 7, 2026 10:22:16 UTC

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

CVE-2026-27415

May 7, 2026 10:20:28 UTC

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5.

CVE-2026-6805

May 7, 2026 09:45:42 UTC

A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

CVE-2023-6460

May 7, 2026 09:22:52 UTC

Potential logging of the Firestore key exists within nodejs-firestore: developers who were logging objects through this._settings would be logging the Firestore key as well, potentially exposing it to anyone with logs read acc...

CVE-2026-27416

May 7, 2026 08:38:15 UTC

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.

CVE-2024-43384

May 7, 2026 08:37:04 UTC

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

CVE-2025-1978

May 7, 2026 08:05:42 UTC

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, ...

CVE-2025-62127

May 7, 2026 07:54:04 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0.

CVE-2025-66105

May 7, 2026 07:46:34 UTC

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a ...

CVE-2025-68060

May 7, 2026 07:44:12 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5.

CVE-2025-68604

May 7, 2026 07:40:27 UTC

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.