Common Vulnerabilities and Exposures (CVE)

CVE-2026-12731

Jul 7, 2026 17:01:35 UTC

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and includin...

CVE-2026-13040

Jul 7, 2026 17:01:29 UTC

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and outp...

CVE-2026-9725

Jul 7, 2026 17:01:23 UTC

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the store_design_data() functio...

CVE-2026-11900

Jul 7, 2026 17:01:17 UTC

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the [adinserter] shortcode. This is due to the replace_ai_t...

CVE-2026-4360

Jul 7, 2026 17:01:15 UTC

In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the us...

CVE-2026-44269

Jul 7, 2026 17:01:11 UTC

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link re...

CVE-2026-58379

Jul 7, 2026 17:01:01 UTC

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially ...

CVE-2026-57851

Jul 7, 2026 17:00:55 UTC

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by ac...

CVE-2026-20779

Jul 7, 2026 17:00:54 UTC

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path.

CVE-2026-20896

Jul 7, 2026 17:00:46 UTC

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.

CVE-2026-20909

Jul 7, 2026 17:00:40 UTC

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries.

CVE-2026-22547

Jul 7, 2026 17:00:34 UTC

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.

CVE-2026-22874

Jul 7, 2026 17:00:28 UTC

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering.

CVE-2026-24451

Jul 7, 2026 17:00:21 UTC

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.

CVE-2026-24690

Jul 7, 2026 17:00:15 UTC

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.