Common Vulnerabilities and Exposures (CVE)
CVE-2026-1456
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially ...
CVE-2026-1458
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by...
CVE-2025-25207
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization proc...
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted mult...
CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due t...
CVE-2025-63386
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow...
CVE-2025-15096
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to upda...
CVE-2026-2295
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and includin...
CVE-2025-13651
Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.
CVE-2025-13650
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injectin...
CVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by inject...
CVE-2025-13648
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and ...
CVE-2025-9986
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
CVE-2026-1827
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on use...
CVE-2026-0815
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible ...