Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-14193

DVP80ES300T – Improper Validation of Array Index Vulnerability_CVE-2026-14193

DVP80ES300T with Improper Validation of Array Index Vulnerability

deltaww DVP80ES300T CVE
HIGH 7.4 CVE-2026-12579

AS228T – Authentication Bypass Vulnerability_CVE-2026-12579

AS228T with Authentication Bypass Vulnerability

deltaww AS228T CVE
HIGH 7.5 CVE-2026-11823

BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter_CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assi...

Repute Infosystems BookingPress Appointment Booking Pro CVE
HIGH 8.8 CVE-2026-7838

UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length_CVE-2026-7838

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. I...

uvnc UltraVNC CVE
HIGH 7.5 CVE-2026-7831

UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing_CVE-2026-7831

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.c...

uvnc UltraVNC CVE
HIGH 7.4 CVE-2026-7830

UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception_CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffi...

uvnc UltraVNC CVE
HIGH 7.2 CVE-2026-7829

UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token_CVE-2026-7829

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:2...

uvnc UltraVNC CVE
HIGH 7.2 CVE-2026-7517

Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter_CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' par...

dhruvin Custom Payment Gateways for WooCommerce CVE
HIGH 7.2 CVE-2026-13731

WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter_CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'co...

quantumcloud WPBot – AI ChatBot for Live Support, Lead Generation, AI Services CVE
HIGH 7.5 CVE-2026-13468

Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint_CVE-2026-13468

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up t...

themeisle Visualizer – Tables & Charts Manager with Built-in AI Generator CVE