Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-30041

CVE-2026-30041_CVE-2026-30041

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Servi...

n/a n/a n/a CVE
MEDIUM 6.5 CVE-2026-30040

CVE-2026-30040_CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the...

n/a n/a n/a CVE
MEDIUM 5.3 CVE-2026-24547

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547

Unauthenticated Broken Access Control in SiteGround Email Marketing

SiteGround SiteGround Email Marketing n/a CVE
MEDIUM 6.5 CVE-2025-68075

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075

Contributor Cross Site Scripting (XSS) in BNE Testimonials

Kerry BNE Testimonials n/a CVE
MEDIUM 6.5 CVE-2025-68074

WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074

Contributor Cross Site Scripting (XSS) in Image Carousel

GhozyLab Image Carousel n/a CVE
HIGH 7.5 CVE-2025-68064

WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability_CVE-2025-68064

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.

Everthemess Goya Core n/a CVE
HIGH 7.5 CVE-2025-68063

WordPress Splash – Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability_CVE-2025-68063

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey

StylemixThemes Splash - Sport Club WordPress Theme for Basketball, Football, Hockey n/a CVE
HIGH 8.8 CVE-2025-68052

WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2025-68052

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking

Eagle-Themes Eagle Booking n/a CVE
MEDIUM 5.3 CVE-2025-66123

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-66123

Unauthenticated Insecure Direct Object References (IDOR) in BookPro

About Envato BookPro n/a CVE
MEDIUM 5.3 CVE-2025-64637

WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability_CVE-2025-64637

Unauthenticated Content Injection in Auros Core

Opal_WP Auros Core n/a CVE