Common Vulnerabilities and Exposures (CVE)

CVE-2026-3876

Apr 16, 2026 14:13:20 UTC

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on ...

CVE-2021-23840

Apr 16, 2026 14:12:36 UTC

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the ret...

CVE-2026-4160

Apr 16, 2026 14:12:35 UTC

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. Th...

CVE-2021-3712

Apr 16, 2026 14:11:16 UTC

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer...

CVE-2026-40256

Apr 16, 2026 14:11:15 UTC

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root pat...

CVE-2020-1968

Apr 16, 2026 14:10:35 UTC

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result i...

CVE-2026-33220

Apr 16, 2026 14:10:15 UTC

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are u...

CVE-2026-6370

Apr 16, 2026 14:09:47 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4.

CVE-2021-22922

Apr 16, 2026 14:09:32 UTC

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of differe...

CVE-2026-40104

Apr 16, 2026 14:08:58 UTC

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as /xwi...

CVE-2018-16840

Apr 16, 2026 14:08:57 UTC

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a str...

CVE-2019-5481

Apr 16, 2026 14:08:12 UTC

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2020-8285

Apr 16, 2026 14:07:21 UTC

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CVE-2026-40499

Apr 16, 2026 14:06:54 UTC

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attack...

CVE-2026-6372

Apr 16, 2026 14:06:37 UTC

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.