3jee/CVE-2025-8110 CVE-2025-8110 — Gogs <= 0.13.3 Arbitrary File Write via Symlink Traversal in PutContents API Create: 2026-04-11 20:28:17 +0000 UTC Push: 2026-04-11 20:28:19 +0000 UTC |

lukasz-rybak/CVE-2026-23500 CVE-2026-23500 - OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration in Dolibarr Create: 2026-04-11 19:37:51 +0000 UTC Push: 2026-04-11 19:37:53 +0000 UTC |

lukasz-rybak/CVE-2026-23498 CVE-2026-23498 - Shopware Has Improper Control of Generation of Code in Twig rendered views Create: 2026-04-11 19:15:40 +0000 UTC Push: 2026-04-11 19:15:41 +0000 UTC |

lukasz-rybak/CVE-2026-1434 CVE-2026-1434 - Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a... Create: 2026-04-11 19:15:34 +0000 UTC Push: 2026-04-11 19:15:37 +0000 UTC |

lukasz-rybak/CVE-2026-24415 CVE-2026-24415 - OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter Create: 2026-04-11 19:15:29 +0000 UTC Push: 2026-04-11 19:15:31 +0000 UTC |

lukasz-rybak/CVE-2026-27621 CVE-2026-27621 - TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload Create: 2026-04-11 19:15:23 +0000 UTC Push: 2026-04-11 19:15:26 +0000 UTC |

lukasz-rybak/CVE-2025-66024 CVE-2025-66024 - XWiki Blog Application home page vulnerable to Stored XSS via Post Title Create: 2026-04-11 19:15:18 +0000 UTC Push: 2026-04-11 19:15:19 +0000 UTC |

lukasz-rybak/CVE-2026-22849 CVE-2026-22849 - Saleor lacks proper HTML sanitization in rich text fields Create: 2026-04-11 19:15:13 +0000 UTC Push: 2026-04-11 19:15:15 +0000 UTC |

lukasz-rybak/CVE-2026-23499 CVE-2026-23499 - Saleor vulnerable to stored XSS via Unrestricted File Upload Create: 2026-04-11 19:15:07 +0000 UTC Push: 2026-04-11 19:15:09 +0000 UTC |

lukasz-rybak/CVE-2025-66204 CVE-2025-66204 - WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Create: 2026-04-11 19:15:02 +0000 UTC Push: 2026-04-11 19:15:02 +0000 UTC |

lukasz-rybak/CVE-2025-67875 CVE-2025-67875 - ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking Create: 2026-04-11 19:14:56 +0000 UTC Push: 2026-04-11 19:14:59 +0000 UTC |

lukasz-rybak/CVE-2025-67876 CVE-2025-67876 - ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Create: 2026-04-11 19:14:50 +0000 UTC Push: 2026-04-11 19:14:53 +0000 UTC |

lukasz-rybak/CVE-2025-65094 CVE-2025-65094 - WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR) Create: 2026-04-11 19:14:44 +0000 UTC Push: 2026-04-11 19:14:47 +0000 UTC |

lukasz-rybak/CVE-2026-23491 CVE-2026-23491 - InvoicePlane has Unauthenticated Path Traversal in Guest Controller Create: 2026-04-11 19:14:40 +0000 UTC Push: 2026-04-11 19:14:40 +0000 UTC |

lukasz-rybak/CVE-2026-21857 CVE-2026-21857 - Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Create: 2026-04-11 19:14:34 +0000 UTC Push: 2026-04-11 19:14:37 +0000 UTC |

lukasz-rybak/CVE-2026-25514 CVE-2026-25514 - FacturaScripts has SQL Injection in Autocomplete Actions Create: 2026-04-11 19:14:29 +0000 UTC Push: 2026-04-11 19:14:31 +0000 UTC |

lukasz-rybak/CVE-2026-25513 CVE-2026-25513 - FacturaScripts has SQL Injection in API ORDER BY Clause Create: 2026-04-11 19:14:24 +0000 UTC Push: 2026-04-11 19:14:24 +0000 UTC |

lukasz-rybak/CVE-2026-24419 CVE-2026-24419 - OpenSTAManager has a SQL Injection in the Prima Nota module Create: 2026-04-11 19:14:18 +0000 UTC Push: 2026-04-11 19:14:21 +0000 UTC |

lukasz-rybak/CVE-2026-24418 CVE-2026-24418 - OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Create: 2026-04-11 19:14:13 +0000 UTC Push: 2026-04-11 19:14:15 +0000 UTC |

lukasz-rybak/CVE-2026-24417 CVE-2026-24417 - OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service Create: 2026-04-11 19:14:07 +0000 UTC Push: 2026-04-11 19:14:10 +0000 UTC |