Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9.
Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from…
Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bakes And Cakes: from n/a t…
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constru…
Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presc…
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through…
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a thro…
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.
Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.…
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Relate…
Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery.This issue affects Lemmony: from n/a through < 1.7.1.
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 represen…
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integr…
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able t…
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output vi…
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimes…
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function…
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrive…