Common Vulnerabilities and Exposures (CVE)

CVE-2026-1916

Feb 25, 2026 08:25:31 UTC

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the `wpgsi_callBackFuncAccept` and `wpgsi_callB...

CVE-2026-2479

Feb 25, 2026 08:25:30 UTC

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of `strpos()` for substring-based hostname validation instead of strict ...

CVE-2026-3170

Feb 25, 2026 08:02:07 UTC

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results i...

CVE-2025-29481

Feb 25, 2026 07:51:20 UTC

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be ...

CVE-2025-29628

Feb 25, 2026 07:37:32 UTC

An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request

CVE-2026-3169

Feb 25, 2026 07:32:10 UTC

A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remo...

CVE-2025-11563

Feb 25, 2026 07:24:31 UTC

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.

CVE-2026-3168

Feb 25, 2026 07:02:14 UTC

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The...

CVE-2026-3167

Feb 25, 2026 07:02:09 UTC

A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buf...

CVE-2026-1614

Feb 25, 2026 06:54:51 UTC

The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘logoTag’ Site Identity block attribute in all versions up to, and including, 3.7 due to insufficient input saniti...

CVE-2026-3166

Feb 25, 2026 06:32:09 UTC

A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack c...

CVE-2026-3179

Feb 25, 2026 06:23:28 UTC

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to ...

CVE-2026-3100

Feb 25, 2026 06:13:16 UTC

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic ...

CVE-2026-3165

Feb 25, 2026 06:02:12 UTC

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack ...

CVE-2026-3164

Feb 25, 2026 06:02:08 UTC

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch th...