CVEFind.com

[CVE-2026-4038: CRITICAL] WordPress Aimogen Pro plugin up to v2.7.5 is at risk of Arbitrary Function Call exploit affecting users' roles. Unauthenticated attackers could escalate privileges to gain administrat...#cve,CVE-2026-4038,#cybersecurity cvefind.com/CVE-2026-4038

[CVE-2026-32940: CRITICAL] SiYuan users are urged to update to version 3.6.1 due to a cyber security flaw in previous versions. A vulnerability allows click-through XSS attacks via unescaped SVG input.#cve,CVE-2026-32940,#cybersecurity cvefind.com/CVE-2026-32940

[CVE-2026-32938: CRITICAL] Vulnerability in SiYuan versions 3.6.0 & below allowed unauthorized access to sensitive files on desktops. Update to version 3.6.1 to resolve this security flaw.#cve,CVE-2026-32938,#cybersecurity cvefind.com/CVE-2026-32938

[CVE-2026-32891: CRITICAL] Anchorr Discord bot versions 1.4.1 and below are vulnerable to stored XSS in Jellyseerr user selector, enabling attackers to access plaintext config data and gain full admin access...#cve,CVE-2026-32891,#cybersecurity cvefind.com/CVE-2026-32891

[CVE-2026-32890: CRITICAL] Discord bot Anchorr had a serious Cross-Site Scripting (XSS) vulnerability in versions 1.4.1 and below, allowing attackers to gain access to sensitive credentials. Update to versio...#cve,CVE-2026-32890,#cybersecurity cvefind.com/CVE-2026-32890

[CVE-2026-32888: HIGH] Web-based Point of Sale app has an SQL Injection flaw in custom attribute search function, allowing attackers to execute arbitrary SQL queries. No patch available currently.#cve,CVE-2026-32888,#cybersecurity cvefind.com/CVE-2026-32888

[CVE-2026-21992: CRITICAL] Critical vulnerability in Oracle Identity Manager and Web Services Manager. Unauthenticated attackers could compromise systems. Takeover possible. CVSS score 9.8.#cve,CVE-2026-21992,#cybersecurity cvefind.com/CVE-2026-21992

[CVE-2026-32817: CRITICAL] Cybersecurity alert: Admidio v5.0.0-5.0.6 has a critical flaw allowing unauthorized deletion of files. Update to v5.0.7 to fix the vulnerability and secure your user management sys...#cve,CVE-2026-32817,#cybersecurity cvefind.com/CVE-2026-32817

[CVE-2026-32767: CRITICAL] SiYuan's versions 3.6.0 & below have a critical authorization bypass flaw in the /api/search/fullTextSearchBlock endpoint, allowing authenticated users to execute unauthorized SQL ...#cve,CVE-2026-32767,#cybersecurity cvefind.com/CVE-2026-32767

[CVE-2026-33289: HIGH] Critical LDAP Injection vulnerability discovered in open-source SuiteCRM versions prior to 7.15.1 and 8.9.3. Attackers can exploit this flaw to bypass authentication or disclose sensit...#cve,CVE-2026-33289,#cybersecurity cvefind.com/CVE-2026-33289

[CVE-2026-33288: HIGH] Critical SQL Injection vulnerability in older SuiteCRM versions (pre-7.15.1, pre-8.9.3) allows for complete privilege escalation. Secure with the latest patches.#cve,CVE-2026-33288,#cybersecurity cvefind.com/CVE-2026-33288

[CVE-2026-32756: HIGH] Critical security flaw in Admidio user management solution! Versions 5.0.6 and below vulnerable to unrestricted file upload issue allowing remote code execution. Update to version 5.0....#cve,CVE-2026-32756,#cybersecurity cvefind.com/CVE-2026-32756

[CVE-2026-32760: CRITICAL] File Browser, a file managing interface, had a cyber security vulnerability allowing unauthenticated users to register as full administrators in versions 2.61.2 and below. Update t...#cve,CVE-2026-32760,#cybersecurity cvefind.com/CVE-2026-32760

[CVE-2026-32985: CRITICAL] Unauthenticated file upload vulnerability in Xerte Online Toolkits (versions 3.14 and earlier) allows attackers to achieve remote code execution. #CyberSecurity#cve,CVE-2026-32985,#cybersecurity cvefind.com/CVE-2026-32985

[CVE-2026-32721: HIGH] Vulnerability in LuCI interface, found in OpenWrt versions before 24.10.5 and 25.12.0, allows XSS attacks via crafted SSIDs in wireless scan modal, fixed in LuCI 26.072.65753~068150b.#cve,CVE-2026-32721,#cybersecurity cvefind.com/CVE-2026-32721

[CVE-2026-29103: CRITICAL] Critical RCE vulnerability in SuiteCRM 7.15.0 & 8.9.2 allows admins to execute commands. Patch bypass of CVE-2024-49774. Issue partially resolved in 7.14.5. Update to 7.15.1/8.9.3 ...#cve,CVE-2026-29103,#cybersecurity cvefind.com/CVE-2026-29103

[CVE-2026-29099: HIGH] SuiteCRM versions 7.15.1 and 8.9.3 fix a SQL injection vulnerability in the `retrieve()` function of `OutboundEmail.php`. Update now for improved cyber security.#cve,CVE-2026-29099,#cybersecurity cvefind.com/CVE-2026-29099

[CVE-2026-22732: CRITICAL] Vulnerability alert: Spring Security versions 5.7.0 to 5.7.21, 5.8.0 to 5.8.23, 6.3.0 to 6.3.14, 6.4.0 to 6.4.14, 6.5.0 to 6.5.8, 7.0.0 to 7.0.3 may not write specified HTTP respon...#cve,CVE-2026-22732,#cybersecurity cvefind.com/CVE-2026-22732

[CVE-2026-32754: CRITICAL] Attention! FreeScout versions 1.8.208 and below are susceptible to Stored Cross-Site Scripting (XSS) attacks. Ensure your system is updated to version 1.8.209 to fix this vulnerabi...#cve,CVE-2026-32754,#cybersecurity cvefind.com/CVE-2026-32754

[CVE-2026-32194: CRITICAL] Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.#cve,CVE-2026-32194,#cybersecurity cvefind.com/CVE-2026-32194