CVE Vulnerabilities - 23 May 2026

132 vulnerabilities published on 23 May 2026

Nezha Monitoring: RoleMember can run shell on all monitored servers
GHSA-99gv-2m7h-3hh9 CVE-2026-46716
A Nezha Monitoring user with a 'RoleMember' role can create a scheduled task that runs on all monitored servers, including those in other tenants. This allows an attacker to execute arbitrary commands...
9.9
Dolibarr ERP CRM 7.0.3 allows unauthenticated code execution
CVE-2018-25357
An attacker can send a request to Dolibarr ERP CRM 7.0.3 with malicious code, which can then be executed without needing a password. This means an attacker could potentially access and control the sys...
9.3
UserSpice 4.3.24: Unauthenticated Attackers Can Discover Valid Usernames
CVE-2018-25350
UserSpice, a user management system, has a security weakness that lets attackers find valid usernames without logging in. This could be used to guess or find existing accounts. To fix this, update to ...
9.3
Redaxo CMS Mediapool Addon: Authenticated Users Can Upload Malicious Files
CVE-2018-25353
The Mediapool Addon in Redaxo CMS is affected by a security flaw that allows authorized users to upload files with hidden malicious extensions. This could allow attackers to upload and execute harmful...
8.7
Linux Kernel: Fragment Marker Not Propagated Correctly
CVE-2026-43503
A Linux kernel vulnerability has been fixed, which could allow an attacker to write to a read-only file. This issue was found in the way the kernel handled fragment markers in network packets. It has ...
8.8
Edimax BR-6428NS 1.10: Remote Wireless Settings Hack
CVE-2026-9295
A security flaw in the Edimax BR-6428NS 1.10 router allows hackers to remotely access and manipulate the wireless settings. This could lead to unauthorized access to your network and compromise of sen...
7.4
Edimax BR-6428NS Router Buffer Overflow Risk
CVE-2026-9294
A security issue affects Edimax BR-6428NS routers running version 1.10. An attacker could potentially send malicious data to the router, causing it to crash or behave unexpectedly. We recommend updati...
7.4
Firefox and Thunderbird Security Updates Needed
RLSA-2026:19588
Firefox and Thunderbird users need to update their software to fix security issues that could allow hackers to steal data or take control of their computers. These updates are available now, and it's ...
8.8
Wishlist Member plugin for WordPress: Unauthorized Data Modification
CVE-2026-6898
The Wishlist Member plugin for WordPress, used in websites, has a security flaw that could allow attackers with limited access to make changes to sensitive data. This could potentially lead to a compl...
8.8
Wishlist Member Plugin for WordPress Exposes Site to Unauthorized Access
CVE-2026-6897
The Wishlist Member plugin for WordPress, used for membership management, has a security flaw that allows attackers with basic access to make changes to the site. This could lead to a complete takeove...
8.8
WishList Member plugin for WordPress exposes sensitive data and allows site takeover
CVE-2026-6895
The WishList Member plugin for WordPress, used to manage memberships, contains a security flaw that could allow an attacker to access sensitive information and take control of the entire website. This...
8.8
WishList Member plugin for WordPress exposes sensitive data
CVE-2026-6419
Authenticated attackers with Subscriber-level access can steal the plugin's secret key, create administrator accounts, and take over the entire website. Affected users should update the WishList Membe...
8.8
Parse Server: Denial of Service via Client Header Backtracking
GHSA-38m6-82c8-4xfm CVE-2026-47138
An attacker can send a specially crafted request that causes Parse Server to use up a lot of CPU, making it slow or unresponsive. This affects Parse Server deployments that use the default configurati...
8.7
Nezha Monitoring: RoleMember can access internal HTTP responses
GHSA-w4g9-mxgg-j532 CVE-2026-46717
A low-privilege user can read internal HTTP response bodies, potentially accessing sensitive information. This affects the Nezha Monitoring dashboard, which allows a user with the 'RoleMember' role to...
8.5
SIPp 3.6 and earlier crashes or runs malicious code due to oversized input
CVE-2018-25356
SIPp versions 3.6 and earlier have a security flaw that can be exploited by a local attacker to crash the application or run unauthorized code. This can happen when an attacker supplies too much infor...
8.6
Audiograbber 1.83: Malicious Input Can Execute Code
CVE-2018-25355
Audiograbber, a software used to record and rip audio CDs, has a security flaw that allows attackers to execute malicious code on a local computer. This could potentially lead to unauthorized access o...
8.6
10-Strike Network Scanner 3.0 allows malicious code execution
CVE-2018-25345
The 10-Strike Network Scanner 3.0 has a security flaw that can be exploited by attackers. This allows them to run unauthorized code on a computer, potentially causing harm. To protect yourself, update...
8.6
10-Strike Network Inventory Explorer 8.54: Malicious Registration Key Code Execution
CVE-2018-25344
The 10-Strike Network Inventory Explorer software has a security flaw that allows a local attacker to run malicious code with administrator privileges. This can happen if an attacker creates a fake re...
8.6
Joomla! EkRishta 2.10: Unauthenticated SQL Injection Attack
CVE-2018-25351
A security flaw in Joomla! EkRishta 2.10 allows hackers to access sensitive information without needing a login. This is a serious issue because it could allow attackers to steal user passwords and le...
8.8
Joomla! Ek Rishta 2.10 allows attackers to access database info
CVE-2018-25348
An attacker can send a special request to Joomla! Ek Rishta 2.10, allowing them to access sensitive database information. This is a risk because it could give an attacker confidential information abou...
8.8
Smartshop 1 allows attackers to steal sensitive data
CVE-2018-25342
Smartshop 1 has a security flaw that lets attackers access sensitive information without a password. This means they can potentially steal product details and other system data. To protect your data, ...
8.8
Smartshop 1 allows attackers to steal database info
CVE-2018-25341
An attacker can access sensitive information from Smartshop 1's database by sending a special request to the product.php page. This is a serious issue because it could allow unauthorized access to con...
8.8
Smartshop 1 allows attackers to steal user data
CVE-2018-25340
An attacker can use a specific type of malicious input to extract sensitive user data from Smartshop 1, including usernames. This can happen without needing a password. To protect your data, update Sm...
8.8
WooCommerce PayPal Payments plugin for WordPress allows unauthorized order changes
CVE-2026-9284
The WooCommerce PayPal Payments plugin for WordPress has a security issue that allows attackers to manipulate other customers' orders and steal sensitive information. This affects all versions up to 4...
8.2
Linux Kernel: Coalescing Fragments Can Cause Data Corruption
CVE-2026-46300
This issue affects the Linux kernel's networking component. If not fixed, it could allow unauthorized access to encrypted data. To address this, update your Linux kernel to the latest version.
7.8