Threat Intelligence Feed

CVE-2026-7670 A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSumma CVE-2026-6481 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-7669 A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file pytho CVE-2026-7668 A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in CVE-2026-7653 A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_ CVE-2026-7645 A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_s CVE-2026-7644 A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the fil CVE-2026-7643 A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of t CVE-2026-7642 A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of th CVE-2026-7633 A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the CVE-2026-7632 A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function CVE-2026-7631 A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown fun CVE-2026-7630 A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallService CVE-2026-7629 A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of t CVE-2026-3504 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Infor CVE-2026-2554 The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is CVE-2026-0703 The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CVE-2026-7628 A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function execu CVE-2026-6817 The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter CVE-2026-6525 IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 CVE-2026-6320 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and CVE-2026-4790 The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored C CVE-2026-4100 The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhoo CVE-2026-4062 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_i CVE-2026-4061 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all v CVE-2026-4060 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions u CVE-2026-7627 A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function Call CVE-2026-7612 A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the fil CVE-2026-7611 A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev CVE-2026-7610 A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi CVE-2026-7609 A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the CVE-2026-7491 School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote att CVE-2026-7490 CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to up CVE-2026-7489 CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary CVE-2026-5077 The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and includ CVE-2026-7608 A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic CVE-2026-5324 The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versio CVE-2026-4024 The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing CVE-2026-7649 The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is CVE-2026-7607 A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware CVE-2026-7670 A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSumma CVE-2026-6481 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-7669 A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file pytho CVE-2026-7668 A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in CVE-2026-7653 A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_ CVE-2026-7645 A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_s CVE-2026-7644 A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the fil CVE-2026-7643 A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of t CVE-2026-7642 A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of th CVE-2026-7633 A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the CVE-2026-7632 A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function CVE-2026-7631 A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown fun CVE-2026-7630 A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallService CVE-2026-7629 A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of t CVE-2026-3504 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Infor CVE-2026-2554 The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is CVE-2026-0703 The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CVE-2026-7628 A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function execu CVE-2026-6817 The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter CVE-2026-6525 IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 CVE-2026-6320 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and CVE-2026-4790 The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored C CVE-2026-4100 The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhoo CVE-2026-4062 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_i CVE-2026-4061 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all v CVE-2026-4060 The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions u CVE-2026-7627 A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function Call CVE-2026-7612 A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the fil CVE-2026-7611 A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev CVE-2026-7610 A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi CVE-2026-7609 A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the CVE-2026-7491 School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote att CVE-2026-7490 CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to up CVE-2026-7489 CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary CVE-2026-5077 The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and includ CVE-2026-7608 A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic CVE-2026-5324 The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versio CVE-2026-4024 The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing CVE-2026-7649 The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is CVE-2026-7607 A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware