Latest CVE Vulnerabilities

9.8 CRITICAL

CVE-2026-4484 — Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Esca…

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the…

masteriyo | Remote | Authorization

Mar 26, 2026 Apr 24, 2026

Mar 26, 2026

Apr 24, 2026

6.3 MEDIUM

CVE-2026-4830 — kalcaddle kodbox Public Share userShare.class.php add privilege escalation

A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipu…

kodbox | Remote | Misconfiguration

Mar 26, 2026 Apr 24, 2026

Mar 26, 2026

Apr 24, 2026

9.8 CRITICAL

CVE-2026-33942 — Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to 4.0.0 used PHP's unserialize() in AccessTokenAuthenticator::unserialize() to restore OAuth token s…

saloon | Remote | Injection

Mar 26, 2026 Mar 26, 2026

Mar 26, 2026

9.2 CRITICAL

CVE-2026-33526 — Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to pe…

squid | Remote | Denial of Service

Mar 26, 2026 Mar 31, 2026

Mar 26, 2026

Mar 31, 2026

6.9 MEDIUM

CVE-2026-33515 — Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacke…

squid | Remote | Information Disclosure

Mar 26, 2026 Mar 31, 2026

Mar 26, 2026

Mar 31, 2026

7.5 HIGH

CVE-2026-33287 — LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` whi…

liquidjs | Remote | Denial of Service

Mar 26, 2026 Mar 30, 2026

Mar 26, 2026

Mar 30, 2026

7.5 HIGH

CVE-2026-33285 — LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse r…

liquidjs | Remote | Denial of Service

Mar 26, 2026 Mar 30, 2026

Mar 26, 2026

Mar 30, 2026

9.1 CRITICAL

CVE-2026-33183 — Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without v…

saloon | Remote | Path Traversal

Mar 26, 2026 Mar 30, 2026

Mar 26, 2026

Mar 30, 2026

7.5 HIGH

CVE-2026-33182 — Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overridi…

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request end…

saloon | Remote | Server-Side Request Forgery

Mar 26, 2026 Mar 30, 2026

Mar 26, 2026

Mar 30, 2026

8.7 HIGH

CVE-2026-32748 — Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when h…

squid | Remote | Denial of Service

Mar 26, 2026 Mar 26, 2026

Mar 26, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences