Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.6 CVE-2026-50704

Frappe Framework 17.0.0-dev – Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...

Frappe Frappe Framework 17.0.0-dev CVE
MEDIUM 4.8 CVE-2026-50703

Frappe Framework 17.0.0-dev – Stored XSS in Desktop Icon label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...

Frappe Frappe Framework 17.0.0-dev CVE
MEDIUM 5.1 CVE-2026-50701

Frappe Framework 17.0.0-dev – Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlle...

Frappe Frappe Framework 17.0.0-dev CVE
MEDIUM 4.6 CVE-2026-50700

Frappe Framework 17.0.0-dev – Stored XSS in frappe.get_avatar image rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...

Frappe Frappe Framework 17.0.0-dev CVE
CRITICAL 9.8 9FE7E8BC-4FDD-

Exploit for Out-of-bounds Write in Fortinet Fortiproxy (9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD)

CVE-2024-21762 - FortiOS SSL VPN Out-of-Bounds Write Overview | Field | Value | |-------|-------| | CVE | CVE-2024-21762 | | Advisory | FG-IR-24-01...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 313C0238-45FD-

Exploit for CVE-2026-12416 (313C0238-45FD-59C7-9A09-F1668F7DFE47)

CVE-2026-12416-CVE-2026-12417 Unauthenticated Account Takeover via Weak Password Reset Validation via 'resetuserid' Parameter | Unauthenticated Pri...

N/A N/A GITHUBEXPLOIT
NONE HACKREAD:614136...

Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords (HACKREAD:6141367662A6D7A675D4167ED30B5E35)

JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection...

N/A N/A HACKREAD
HIGH 7.7 CVE-2026-9710

Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...

Unknown Cornerstone 3.0.0 CVE
HIGH 7.7 CVE-2026-9709

Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...

Unknown Cornerstone 3.0.0 CVE
LOW 2.7 CVE-2026-10753

Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-priv...

Unknown Site Kit by Google CVE