CVE Analysis Index
7293 curated vulnerability analyses with independent analyst commentary. Each entry includes an executive summary, technical breakdown, business impact, and remediation guidance.
Recent analyses
- CVE-2026-57346 Epiphyt Epiphyt Embed Privacy is affected by a path traversal vulnerability that may allow unauthorized access to sensitive files.
- CVE-2026-13601 GNOME (Project: Yelp) The yelp-xsl package contains an overly permissive Content Security Policy (CSP) implementation, potentially leading to security bypasses.
- CVE-2026-54371 N/A (Project: attr) The attr utility before version 2 contains a vulnerability requiring investigation.
- CVE-2026-40522 FrontAccounting A security vulnerability exists in FrontAccounting versions prior to 2, which may allow for unauthorized access or system compromise.
- CVE-2026-54369 ACL An unauthenticated vulnerability has been identified in ACL versions prior to 2, potentially allowing attackers to bypass security constraints.
- CVE-2026-57338 Repute This vulnerability is an unauthenticated Cross-Site Scripting (XSS) flaw in the ARForms plugin, which could allow attackers to execute arbitrary scripts in a user's browser session.
- CVE-2026-57336 Astoundify An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Jobify theme/plugin, allowing attackers to inject malicious scripts into web pages.
- CVE-2026-57337 PluginOps An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Landing Page Builder plugin, allowing attackers to inject malicious scripts into web pages.
- CVE-2026-57333 Spencer An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Link Whisper Free plugin, allowing attackers to inject malicious scripts into web pages.
- CVE-2026-13555 itsourcecode A security vulnerability has been identified in the itsourcecode Online Hotel Management System, potentially allowing for unauthorized system interaction.
- CVE-2026-57320 RealMag777 An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the RealMag777 BEAR plugin, allowing for the injection of malicious scripts into web pages.
- CVE-2026-57332 Swings A broken access control vulnerability in the Swings Wallet System for WooCommerce allows subscriber-level users to perform unauthorized actions.
- CVE-2026-13552 itsourcecode A vulnerability has been detected in the itsourcecode Online Hotel Management System that may expose the system to unauthorized access or manipulation.
- CVE-2026-13553 itsourcecode A security flaw has been found in the itsourcecode Online Hotel Management System, which may allow for unauthorized system interaction.
- CVE-2026-13559 code-projects A security weakness has been identified in the code-projects Real State Services application that could potentially lead to system compromise.
- CVE-2026-13565 SourceCodester A vulnerability in SourceCodester Class and Exam Timetabling System allows for potential unauthorized access or system compromise.
- CVE-2026-13566 SourceCodester A vulnerability in SourceCodester Class and Exam Timetabling System may allow for unauthorized system interaction or data exposure.
- CVE-2026-13568 SourceCodester A security weakness in SourceCodester Inventory Management System could allow for unauthorized system access or data manipulation.
- CVE-2026-12912 Red Hat A vulnerability in the libtiff library used within Red Hat Enterprise Linux 10 may allow for memory corruption or arbitrary code execution.
- CVE-2026-13676 fast-uri A security vulnerability has been identified in fast-uri version 2, which may impact applications relying on this library for URI parsing and processing.
- CVE-2026-56780 Modoboa Modoboa versions prior to 2 contain an unspecified security vulnerability that requires immediate attention from system administrators.
- CVE-2026-12243 NLTK Project A security vulnerability has been identified in NLTK version 3 that may lead to potential system compromise.
- CVE-2026-55607 Anthropic A vulnerability exists within the agentic coding tool Claude Code that may allow for unauthorized access or code execution.
- CVE-2026-8023 Zephyr Project A directory traversal or unauthorized file access vulnerability exists within the Zephyr HTTP server when using the static-filesystem resource type.
- CVE-2026-40524 FrontAccounting A high-severity security vulnerability in FrontAccounting before version 2 may facilitate unauthorized system impact or data access.
- CVE-2026-40523 FrontAccounting A high-severity vulnerability in FrontAccounting before version 2 may expose the application to unauthorized access or security bypass.
- CVE-2026-57950 RuoYi A high-severity vulnerability exists in ruoyi-vue-pro through 2026 that may allow for unauthorized system interaction or compromise.
- CVE-2026-53426 leandrocp The leandrocp MDEx software contains an allocation of resources without limits or throttling vulnerability, which may lead to excessive resource consumption.
- CVE-2026-7656 Zephyr Project The IPv6 Neighbor Discovery handlers in the Zephyr RTOS contain a vulnerability that may lead to memory corruption or instability.
- CVE-2026-13744 Snowflake Snowflake CLI versions prior to 3 contain an improper neutralization vulnerability that could allow attackers to inject malicious content.
Looking for a specific CVE? The full searchable database has filters by vendor, severity, CISA KEV status, and free-text search.