Vulnerability Notes
- CVE-2026-0621 - MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
- CVE-2025-64424 - Colify has command injection vulnerability in project git source
- CVE-2026-0625 - D-Link DSL Command Injection via DNS Configuration Endpoint
- CVE-2025-64419 - Coolify vulnerable to command injection via docker-compose.yaml parameters
- CVE-2025-59156 - Coolify has Docker Compose Injection issue
- CVE-2025-55204 - muffon has One-click Remote Code Execution via XSS and Custom URL Handling
- CVE-2026-21633 - Ubiquiti UniFi Protect Camera Discovery Protocol Authentication Bypass
- CVE-2025-39484 - WordPress Entrada Theme <= 5.7.7 - SQL Injection vulnerability
- CVE-2025-14346 - WHILL Model C2 and F Power Chairs Bluetooth Authentication Bypass
- CVE-2025-15026 - Unauthenticated configuration import allows administrative account creation using AWIE component
- CVE-2023-50897 - WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability
- CVE-2025-68865 - WordPress Infility Global plugin <= 2.14.48 - SQL Injection vulnerability
- CVE-2025-68044 - WordPress Five Star Restaurant Reservations plugin <= 2.7.8 - Insecure Direct Object References (IDOR) vulnerability
- CVE-2025-30633 - WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability
- CVE-2025-66518 - Apache Kyuubi: Unauthorized directory access due to missing path normalization