Common Vulnerabilities and Exposures (CVE)

CVE-2026-25468

May 7, 2026 07:37:59 UTC

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.

CVE-2026-27329

May 7, 2026 07:35:51 UTC

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

CVE-2026-25436

May 7, 2026 07:34:02 UTC

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

CVE-2026-44407

May 7, 2026 07:33:17 UTC

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

CVE-2026-27421

May 7, 2026 07:31:53 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

CVE-2025-2514

May 7, 2026 07:30:28 UTC

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E...

CVE-2025-2418

May 7, 2026 07:20:00 UTC

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117.

CVE-2026-4430

May 7, 2026 07:16:18 UTC

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

CVE-2025-9661

May 7, 2026 07:08:14 UTC

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04...

CVE-2026-31431

May 7, 2026 06:58:58 UTC

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in opera...

CVE-2025-37756

May 7, 2026 06:58:56 UTC

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recol...

CVE-2026-44406

May 7, 2026 06:49:54 UTC

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.co...

CVE-2026-7163

May 7, 2026 06:28:07 UTC

A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative c...

CVE-2026-41586

May 7, 2026 05:12:35 UTC

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call O...

CVE-2026-41143

May 7, 2026 05:08:23 UTC

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche'])...