Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-11380

JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting_CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due ...

jetmonsters JetWidgets For Elementor CVE
MEDIUM 4.8 CVE-2025-15666

Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow_CVE-2025-15666

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::...

Open Asset Import Library Assimp 5.4.0 CVE
MEDIUM 6.4 CVE-2026-9107

Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter_CVE-2026-9107

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_fie...

wpchill Kali Forms — Contact Form & Drag-and-Drop Builder CVE
MEDIUM 5.3 CVE-2026-7828

UltraVNC repeater integer overflow in win_log malloc leading to heap overflow_CVE-2026-7828

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() f...

uvnc UltraVNC CVE
MEDIUM 6.9 CVE-2026-58519

Stored XSS through Cargo’s map format_CVE-2026-58519

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
MEDIUM 6.9 CVE-2026-58518

CVE-2026-58518_CVE-2026-58518

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery...

The Wikimedia Foundation Mediawiki - RedirectManager Extension * CVE
MEDIUM 4.3 CVE-2026-44041

UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated_CVE-2026-44041

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() functi...

uvnc UltraVNC CVE
MEDIUM 4.8 CVE-2026-44040

UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes_CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth...

uvnc UltraVNC CVE
MEDIUM 6.4 CVE-2026-2387

Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode_CVE-2026-2387

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to ...

stephenharris Event Organiser CVE
MEDIUM 6.4 CVE-2026-13443

Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title_CVE-2026-13443

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title ...

themeum Tutor LMS – eLearning and online course solution CVE