Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-11380

JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting_CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due ...

jetmonsters JetWidgets For Elementor CVE
HIGH 7.5 CVE-2026-1239

Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint_CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing a...

kstover Ninja Forms – The Contact Form Builder That Grows With You CVE
HIGH 7.5 CVE-2026-14193

DVP80ES300T – Improper Validation of Array Index Vulnerability_CVE-2026-14193

DVP80ES300T with Improper Validation of Array Index Vulnerability

deltaww DVP80ES300T CVE
HIGH 7.4 CVE-2026-12579

AS228T – Authentication Bypass Vulnerability_CVE-2026-12579

AS228T with Authentication Bypass Vulnerability

deltaww AS228T CVE
HIGH 7.5 CVE-2026-11823

BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter_CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assi...

Repute Infosystems BookingPress Appointment Booking Pro CVE
MEDIUM 4.8 CVE-2025-15666

Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow_CVE-2025-15666

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::...

Open Asset Import Library Assimp 5.4.0 CVE
MEDIUM 6.4 CVE-2026-9107

Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter_CVE-2026-9107

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_fie...

wpchill Kali Forms — Contact Form & Drag-and-Drop Builder CVE
CRITICAL 9.8 CVE-2026-7840

UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)_CVE-2026-7840

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_r...

uvnc UltraVNC 1.8.2.2 CVE
CRITICAL 9.1 CVE-2026-7839

UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access_CVE-2026-7839

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, ...

uvnc UltraVNC CVE
HIGH 8.8 CVE-2026-7838

UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length_CVE-2026-7838

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. I...

uvnc UltraVNC CVE