
NVD Dashboard

[Dashboard panels, data not loaded: CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution (Severity vs. Number of Vulns); CVSS V2 Score Distribution (Severity vs. Number of Vulns)]


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-24477 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKe...
    Published: January 26, 2026; 7:15:51 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-54383 - Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
    Published: December 18, 2024; 2:15:11 PM -0500

  • CVE-2026-24478 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or...
    Published: January 26, 2026; 7:15:51 PM -0500

  • CVE-2023-28689 - Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.0.
    Published: December 09, 2024; 8:15:26 AM -0500

  • CVE-2023-25993 - Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top 10: from n/a through 3.2.3.
    Published: December 09, 2024; 8:15:24 AM -0500

  • CVE-2025-47382 - Memory corruption while loading an invalid firmware in boot loader.
    Published: December 18, 2025; 1:15:49 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-24858 - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0...
    Published: January 27, 2026; 3:16:24 PM -0500

  • CVE-2025-47387 - Memory Corruption when processing IOCTLs for JPEG data without verification.
    Published: December 18, 2025; 1:15:49 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-47332 - Memory corruption while processing a config call from userspace.
    Published: January 07, 2026; 7:17:02 AM -0500

    V3.1: 6.4 MEDIUM

  • CVE-2025-39485 - Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1.
    Published: May 23, 2025; 9:15:30 AM -0400

  • CVE-2025-32309 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2.
    Published: May 23, 2025; 9:15:30 AM -0400

  • CVE-2025-39354 - Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection. This issue affects Grand Conference: from n/a through 5.2.
    Published: May 19, 2025; 4:15:23 PM -0400

  • CVE-2025-39458 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion. This issue affects Foton: from n/a through 2.5.2.
    Published: May 19, 2025; 3:15:50 PM -0400

  • CVE-2025-39590 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
    Published: April 16, 2025; 9:15:51 AM -0400

  • CVE-2026-1415 - A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be ca...
    Published: January 25, 2026; 10:15:49 PM -0500

    V3.1: 3.3 LOW

  • CVE-2025-39589 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
    Published: April 16, 2025; 9:15:51 AM -0400

  • CVE-2026-1416 - A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated fr...
    Published: January 25, 2026; 11:16:09 PM -0500

    V3.1: 3.3 LOW

  • CVE-2026-1417 - A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The ex...
    Published: January 25, 2026; 11:16:10 PM -0500

    V3.1: 3.3 LOW

  • CVE-2025-13053 - When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) atta...
    Published: December 11, 2025; 10:15:51 PM -0500

    V3.1: 3.7 LOW

  • CVE-2025-13052 - When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-mid...
    Published: December 11, 2025; 10:15:50 PM -0500

    V3.1: 5.9 MEDIUM