Vulnerability Database
A comprehensive hub for tracking high-impact vulnerabilities across application code and third-party libraries, for security teams and developers.
Trusted by Startups to Fortune 500
CVE-2026-11462
(7.3)
Improper Authorization (CWE-285) in BeikeShop Stripe Plugin Callback
Authorization Bypass Leading to Unauthorized Actions
CVE-2026-11460
(7.3)
Improper Input Validation (CWE-20) in Boost Serialization ≤ 1.91
Remote Attack Surface via Malformed Serialized Data (Potential DoS / Data Integrity Violation)
CVE-2026-11457
(7.3)
Injection in JimuReport Test-Connection Endpoint (CWE-74) in JeeWMS
Arbitrary Injection into Backend Interpreter / Potential Remote Code or Command Execution Depending on Sink
CVE-2026-11456
(7.3)
SQL Injection (CWE-89) via gblOrgID in Chanjet CRM HTTP GET Handler
Unauthorized Database Access and Manipulation
CVE-2026-11452
(7.3)
OS Command Injection (CWE-77) in GL.iNet GL-MT3000 SET_USER_PWD Handler
Remote Command Execution
CVE-2026-11451
(7.3)
OS Command Injection via Unsanitized Argument (CWE-77) in GL.iNet GL-MT3000 FTP Protocol Handler
Remote Command Execution on Network Appliance
CVE-2026-11450
(7.3)
Command Injection via Path Normalization Handler (CWE-77) in GL.iNet GL-MT3000 RPC Interface
Remote Command Execution on Embedded Router
CVE-2026-11435
(7.3)
SQL Injection (CWE-89) in Jinher OA nextselectplan.aspx httpOID Parameter
Data Exposure and Manipulation via SQL Injection
CVE-2026-7537
(7.2)
Arbitrary File Upload (CWE-434) in MDJM Event Management WordPress Plugin
Remote Code Execution from Malicious File Upload
CVE-2026-9290
(7.5)
Local File Inclusion (CWE-22) in WP User Manager Profile Template Scope
Arbitrary File Inclusion and Remote Code Execution
