While the best iPad deals usually land during major sale events like Black Friday, many great iPad deals are available outside
Vulnerabilities
CVE-2019-25398 | IPFire up to 2.21 VPN Configuration ovpnmain.cgi cross site scripting (Exploit 46344 / EDB-46344)
A vulnerability, which was classified as problematic, was found in IPFire up to 2.21. This vulnerability affects unknown code of
CVE-2019-25399 | IPFire up to 2.21 extrahd.cgi FS/PATH/UUID cross site scripting (Exploit 46344 / EDB-46344)
A vulnerability has been found in IPFire up to 2.21 and classified as problematic. This issue affects some unknown processing
CVE-2019-25400 | IPFire up to 2.21 POST Request fwhosts.cgi cross site scripting (Exploit 46344 / EDB-46344)
A vulnerability was found in IPFire up to 2.21 and classified as problematic. Impacted is an unknown function of the
CVE-2026-24126 | weblate up to 5.15.x SSH Management Console argument injection (GHSA-33fm-6gp7-4p47)
A vulnerability was found in weblate up to 5.15.x. It has been classified as critical. The affected element is an
CVE-2019-25326 | Northwest Performance ipPulse 1.92 Enter Key buffer overflow (Exploit 47674 / EDB-47674)
A vulnerability was found in Northwest Performance ipPulse 1.92. It has been declared as critical. The impacted element is an
CVE-2019-25349 | scadaApp 1.1.4.0 on iOS Servername buffer overflow (Exploit 47678 / EDB-47678)
A vulnerability was found in scadaApp 1.1.4.0 on iOS. It has been rated as critical. This affects an unknown function.
CVE-2019-25356 | Bematech MP-4200 POST Researcher cross site scripting (Exploit 47648 / EDB-47648)
A vulnerability categorized as problematic has been discovered in Bematech MP-4200. This impacts an unknown function of the component POST
CVE-2026-24746 | InvoicePlane 1.7.0 quote_number cross site scripting (GHSA-73×8-gr6v-vjvj)
A vulnerability identified as problematic has been detected in InvoicePlane 1.7.0. Affected is an unknown function. Performing a manipulation of
CVE-2026-24743 | InvoicePlane 1.7.0 cross site scripting (GHSA-485m-4725-2428)
A vulnerability labeled as problematic has been found in InvoicePlane 1.7.0. Affected by this vulnerability is an unknown functionality. Executing
CVE-2026-24744 | InvoicePlane 1.7.0 invoice_number cross site scripting (GHSA-5mxx-553h-m62w)
A vulnerability marked as problematic has been reported in InvoicePlane 1.7.0. Affected by this issue is some unknown functionality. The
CVE-2026-24745 | InvoicePlane 1.7.0 Logo cross site scripting (GHSA-r9rq-f946-6×54)
A vulnerability described as problematic has been identified in InvoicePlane 1.7.0. This affects the function Logo. The manipulation results in
CVE-2026-2731 | 9DynamicWeb JobRunnerBackground.aspx path traversal
A vulnerability classified as critical has been found in 9DynamicWeb. This vulnerability affects unknown code of the file JobRunnerBackground.aspx. This
CVE-2026-25594 | InvoicePlane up to 1.7.0 Family Name Field family_name cross site scripting (GHSA-wrr7-2f27-8h94)
A vulnerability classified as problematic was found in InvoicePlane up to 1.7.0. This issue affects some unknown processing of the
CVE-2026-2681 | blst up to 0.3.16 blst_keygen_v5 salt out-of-bounds write
A vulnerability, which was classified as critical, has been found in blst up to 0.3.16. Impacted is the function blst_keygen_v5.
CVE-2026-25595 | InvoicePlane up to 1.7.0 Invoice Number cross site scripting (GHSA-xxvr-2564-6jg6)
A vulnerability, which was classified as problematic, was found in InvoicePlane up to 1.7.0. The affected element is an unknown
CVE-2026-25596 | InvoicePlane up to 1.7.0 Product Unit Name cross site scripting (GHSA-3wjq-822q-98f4)
A vulnerability has been found in InvoicePlane up to 1.7.0 and classified as problematic. The impacted element is an unknown
CVE-2026-26270 | InvoicePlane 1.7.0 Identifier Format cross site scripting (GHSA-432m-jv69-qp5j)
A vulnerability was found in InvoicePlane 1.7.0 and classified as problematic. This affects an unknown function. The manipulation of the
CVE-2026-26281 | InvoicePlane 1.7.0 cross site scripting (GHSA-ccpx-2v5c-cc24)
A vulnerability was found in InvoicePlane 1.7.0. It has been classified as problematic. This impacts an unknown function. This manipulation
CVE-2026-2232 | Product Table and List Builder for WooCommerce Lite Plugin sql injection
A vulnerability was found in Product Table and List Builder for WooCommerce Lite Plugin up to 4.6.2 on WordPress. It
CVE-2026-1461 | Simple Membership Plugin up to 4.7.0 on WordPress Remote Code Execution
A vulnerability was found in Simple Membership Plugin up to 4.7.0 on WordPress. It has been rated as critical. Affected
CVE-2026-1219 | MP3 Audio Player Plugin up to 4.0/5.10 on WordPress load_track_note_ajax resource injection
A vulnerability categorized as problematic has been discovered in MP3 Audio Player Plugin up to 4.0/5.10 on WordPress. Affected by
CVE-2026-1581 | wpForo Forum Plugin up to 2.4.14 on WordPress wpfob sql injection
A vulnerability identified as critical has been detected in wpForo Forum Plugin up to 2.4.14 on WordPress. This affects an
CVE-2026-2716 | Client Testimonial Slider Plugin up to 2.0 on WordPress Setting cross site scripting
A vulnerability labeled as problematic has been found in Client Testimonial Slider Plugin up to 2.0 on WordPress. This vulnerability
CVE-2026-2718 | Dealia Plugin up to 1.0.6 on WordPress Gutenberg Block wp_kses cross site scripting
A vulnerability marked as problematic has been reported in Dealia Plugin up to 1.0.6 on WordPress. This issue affects the
Debian 11 GIMP Significant Denial Of Service Vulnerability 2025-15059
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially
openSUSE Avahi Moderate Denial of Service Vulnerability CVE-2025-68276
An update that solves three vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE Avahi Moderate Update 2026-0577-1 Addressing CVE-2025-68276
An update that solves three vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 20.04 LTS Inetutils Important Access Issue CVE-2026-24061
Inetutils could allow unintended access to network services.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 26 Alpha Essential python-github-anotherpackage Upgrade 2025-78901-9
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-70063 | PHPGurukul Hospital Management System 4.0 viewid resource injection
A vulnerability classified as problematic has been found in PHPGurukul Hospital Management System 4.0. Affected is an unknown function. Performing
CVE-2025-69287 | bsv-blockchain ts-sdk 1.x improper following of specification by caller (GHSA-vjpq-xx5g-qvmm)
A vulnerability classified as problematic was found in bsv-blockchain ts-sdk 1.x. Affected by this vulnerability is an unknown functionality. Executing
CVE-2025-70064 | PHPGurukul Hospital Management System 4.0 Administrator Dashboard /admin/ improper authentication
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue
CVE-2026-22860 | Rack up to 2.2.21/3.1.19/3.2.4 Rack::Directory path traversal (GHSA-mxw3-3hh2-x2mh)
A vulnerability, which was classified as critical, was found in Rack up to 2.2.21/3.1.19/3.2.4. This affects the function Rack::Directory. The
CVE-2026-25500 | Rack up to 2.2.21/3.1.19/3.2.4 Rack::Directory cross site scripting
A vulnerability has been found in Rack up to 2.2.21/3.1.19/3.2.4 and classified as problematic. This vulnerability affects the function Rack::Directory.
CVE-2025-70062 | PHPGurukul Hospital Management System 4.0 Add Doctor add-doctor.php cross-site request forgery
A vulnerability was found in PHPGurukul Hospital Management System 4.0 and classified as problematic. This issue affects some unknown processing
CVE-2026-1994 | s2Member Plugin on WordPress Remote Code Execution
A vulnerability was found in s2Member Plugin on WordPress. It has been classified as critical. Impacted is an unknown function.
CVE-2026-2709 | busy up to 2.5.5 Callback app.js state redirect (Issue 2287)
A vulnerability was found in busy up to 2.5.5. It has been declared as problematic. The affected element is an
CVE-2026-2711 | zhutoutoutousan worldquant-miner up to 1.0.9 URL ssrf_proxy.py make_request server-side request forgery (Issue 100)
A vulnerability was found in zhutoutoutousan worldquant-miner up to 1.0.9. It has been rated as critical. The impacted element is
CVE-2025-15041 | BackWPup Plugin up to 5.6.2 on WordPress save_site_option privilege escalation
A vulnerability was found in BackWPup Plugin up to 5.6.2 on WordPress. It has been classified as critical. This issue
CVE-2026-0912 | Toret Manager Plugin up to 1.2.7 on WordPress trman_save_option privilege escalation
A vulnerability was found in Toret Manager Plugin up to 1.2.7 on WordPress. It has been declared as critical. Impacted
CVE-2025-13864 | Breeze Plugin up to 2.2.21 on WordPress REST API Endpoint permission_callback authorization
A vulnerability was found in Breeze Plugin up to 2.2.21 on WordPress. It has been rated as critical. The affected
CVE-2025-14427 | Shield Security Plugin up to 21.0.9 on WordPress Setting authorization
A vulnerability categorized as problematic has been discovered in Shield Security Plugin up to 21.0.9 on WordPress. The impacted element
CVE-2025-14427 | Shield Security Plugin up to 21.0.9 on WordPress setting authorization
A vulnerability identified as problematic has been detected in Shield Security Plugin up to 21.0.9 on WordPress. This affects an
CVE-2025-13563 | Lizza LMS Pro Plugin up to 1.0.3 on WordPress lizza_lms_pro_register_user_front_end Remote Code Execution
A vulnerability labeled as critical has been found in Lizza LMS Pro Plugin up to 1.0.3 on WordPress. This impacts
CVE-2025-13563 | Lizza LMS Pro Plugin up to 1.0.3 on WordPress lizza_lms_pro_register_user_front_end Remote Code Execution
A vulnerability marked as critical has been reported in Lizza LMS Pro Plugin up to 1.0.3 on WordPress. Affected is
CVE-2025-14270 | OneClick Chat to Order Plugin up to 1.0.9 on WordPress wa_order_number_save_number_field authorization
A vulnerability described as problematic has been identified in OneClick Chat to Order Plugin up to 1.0.9 on WordPress. Affected
CVE-2026-2284 | Webangon News Element Elementor Blog Magazine Plugin up to 1.0.8 on WordPress ne_clean_data authorization
A vulnerability classified as problematic has been found in Webangon News Element Elementor Blog Magazine Plugin up to 1.0.8 on
CVE-2026-2284 | Webangon News Element Elementor Blog Magazine Plugin up to 1.0.8 on WordPress ne_clean_data authorization
A vulnerability classified as problematic was found in Webangon News Element Elementor Blog Magazine Plugin up to 1.0.8 on WordPress.
CVE-2025-13851 | Buyent Classified Plugin up to 1.0.7 on WordPress REST API Endpoint _buyent_classified_user_type Remote Code Execution
A vulnerability, which was classified as critical, has been found in Buyent Classified Plugin up to 1.0.7 on WordPress. This
CVE-2025-4521 | IDonate Plugin up to 2.1.5/2.1.9 on WordPress Password Reset idonate_donor_profile authorization
A vulnerability, which was classified as critical, was found in IDonate Plugin up to 2.1.5/2.1.9 on WordPress. This issue affects
CVE-2025-14076 | Google XML sitemap generator Plugin up to 0.6 on WordPress iXML_email cross site scripting
A vulnerability has been found in Google XML sitemap generator Plugin up to 0.6 on WordPress and classified as problematic.
CVE-2026-1455 | Whatsiplus Scheduled Notification for Woocommerce Plugin Setting wsnfw_save_users_settings cross-site request forgery
A vulnerability was found in Whatsiplus Scheduled Notification for Woocommerce Plugin up to 1.0.1 on WordPress and classified as problematic.
CVE-2026-1455 | Whatsiplus Scheduled Notification for Woocommerce Plugin Setting wsnfw_save_users_settings cross-site request forgery
A vulnerability was found in Whatsiplus Scheduled Notification for Woocommerce Plugin up to 1.0.1 on WordPress. It has been classified
CVE-2026-2502 | xmlrpc Attacks Blocker Plugin up to 1.0 on WordPress Header X-Forwarded-For cross site scripting
A vulnerability was found in xmlrpc Attacks Blocker Plugin up to 1.0 on WordPress. It has been declared as problematic.
CVE-2025-13413 | Country Blocker for AdSense Plugin up to 1.0 on WordPress Setting CBFA_guardar_cbfa cross-site request forgery
A vulnerability was found in Country Blocker for AdSense Plugin up to 1.0 on WordPress. It has been rated as
CVE-2025-13732 | s2Member Plugin on WordPress Shortcode cross site scripting
A vulnerability categorized as problematic has been discovered in s2Member Plugin on WordPress. Affected is an unknown function of the
CVE-2026-1646 | Advance Block Extend Plugin up to 1.0.4 on WordPress Block Attribute TitleColor cross site scripting
A vulnerability identified as problematic has been detected in Advance Block Extend Plugin up to 1.0.4 on WordPress. Affected by
CVE-2025-13617 | Apollo13Themes Apollo13 Framework Extensions Plugin up to 1.9.8 on WordPress a13_alt_link cross site scripting
A vulnerability labeled as problematic has been found in Apollo13Themes Apollo13 Framework Extensions Plugin up to 1.9.8 on WordPress. Affected
CVE-2026-1047 | salavat Counter Plugin up to 0.9.5 on WordPress image_url cross site scripting
A vulnerability marked as problematic has been reported in salavat Counter Plugin up to 0.9.5 on WordPress. This affects an
CVE-2025-13612 | Album and Image Gallery Plus Lightbox Plugin up to 2.1.7 on WordPress Shortcode aigpl-gallery-album cross site scripting
A vulnerability described as problematic has been identified in Album and Image Gallery Plus Lightbox Plugin up to 2.1.7 on
CVE-2026-2282 | Slidorion Plugin up to 1.0.2 on WordPress Setting cross site scripting
A vulnerability classified as problematic has been found in Slidorion Plugin up to 1.0.2 on WordPress. This issue affects some
CVE-2025-13438 | Page Title, Description & Open Graph Updater Plugin dieno_update_page_title cross-site request forgery
A vulnerability classified as problematic was found in Page Title, Description & Open Graph Updater Plugin up to 1.02 on
CVE-2025-13738 | Easy Table of Contents Plugin up to 2.0.78 on WordPress Shortcode ez-toc cross site scripting
A vulnerability, which was classified as problematic, has been found in Easy Table of Contents Plugin up to 2.0.78 on
CVE-2025-13738 | Easy Table of Contents Plugin up to 2.0.78 on WordPress Shortcode ez-toc cross site scripting
A vulnerability, which was classified as problematic, was found in Easy Table of Contents Plugin up to 2.0.78 on WordPress.
CVE-2026-1043 | PostmarkApp Email Integrator Plugin up to 2.4 on WordPress Setting pma_api_key/pma_sender_address cross site scripting
A vulnerability has been found in PostmarkApp Email Integrator Plugin up to 2.4 on WordPress and classified as problematic. This
CVE-2026-1044 | Tennis Court Bookings Plugin up to 1.2.7 on WordPress Setting cross site scripting
A vulnerability was found in Tennis Court Bookings Plugin up to 1.2.7 on WordPress and classified as problematic. This impacts
CVE-2025-14851 | YaMaps Plugin up to 0.6.40 on WordPress Shortcode yamap cross site scripting
A vulnerability was found in YaMaps Plugin up to 0.6.40 on WordPress. It has been classified as problematic. Affected is
CVE-2025-14851 | YaMaps Plugin up to 0.6.40 on WordPress Shortcode yamap cross site scripting
A vulnerability was found in YaMaps Plugin up to 0.6.40 on WordPress. It has been declared as problematic. Affected by
CVE-2025-14167 | Remove Post Type Slug Plugin up to 1.0.2 on WordPress Setting cross-site request forgery
A vulnerability was found in Remove Post Type Slug Plugin up to 1.0.2 on WordPress. It has been rated as
CVE-2025-14983 | Advanced Custom Fields Plugin up to 5.0.1 on WordPress cross site scripting
A vulnerability categorized as problematic has been discovered in Advanced Custom Fields Plugin up to 5.0.1 on WordPress. This affects
CVE-2025-14452 | WP Customer Reviews Plugin up to 3.7.5 on WordPress wpcr3_fname cross site scripting
A vulnerability identified as problematic has been detected in WP Customer Reviews Plugin up to 3.7.5 on WordPress. This vulnerability
CVE-2026-0561 | Shield Security Plugin up to 21.0.8 on WordPress Message cross site scripting
A vulnerability labeled as problematic has been found in Shield Security Plugin up to 21.0.8 on WordPress. This issue affects
CVE-2025-14445 | DevVN Image Hotspot Plugin up to 1.2.9 on WordPress Custom Fields hotspot_content cross site scripting
A vulnerability marked as problematic has been reported in DevVN Image Hotspot Plugin up to 1.2.9 on WordPress. Impacted is
CVE-2025-14445 | DevVN Image Hotspot Plugin up to 1.2.9 on WordPress hotspot_content cross site scripting
A vulnerability described as problematic has been identified in DevVN Image Hotspot Plugin up to 1.2.9 on WordPress. The affected
CVE-2026-1055 | TalkJS Plugin up to 0.1.15 on WordPress Setting welcomeMessage cross site scripting
A vulnerability classified as problematic has been found in TalkJS Plugin up to 0.1.15 on WordPress. The impacted element is
CVE-2026-0722 | Shield Security Plugin up to 21.0.8 on WordPress isNonceVerifyRequired cross-site request forgery
A vulnerability classified as problematic was found in Shield Security Plugin up to 21.0.8 on WordPress. This affects the function
CVE-2026-1373 | Easy Author Image Plugin up to 1.7 on WordPress Profile Picture author_profile_picture_url cross site scripting
A vulnerability, which was classified as problematic, has been found in Easy Author Image Plugin up to 1.7 on WordPress.
CVE-2026-1055 | TalkJS Plugin up to 0.1.15 on WordPress Setting welcomeMessage cross site scripting
A vulnerability, which was classified as problematic, was found in TalkJS Plugin up to 0.1.15 on WordPress. Affected is an
CVE-2026-0549 | Groups Plugin up to 3.10.0 on WordPress Shortcode groups_group_info cross site scripting
A vulnerability has been found in Groups Plugin up to 3.10.0 on WordPress and classified as problematic. Affected by this
CVE-2026-0556 | XO Event Calendar Plugin up to 3.2.10 on WordPress Shortcode xo_event_field cross site scripting
A vulnerability was found in XO Event Calendar Plugin up to 3.2.10 on WordPress and classified as problematic. Affected by
CVE-2025-70151 | code-projects Scholars Tracking System 1.0 Endpoint update_profile_picture.php unrestricted upload
A vulnerability was found in code-projects Scholars Tracking System 1.0. It has been classified as critical. This affects an unknown
CVE-2025-70152 | code-projects Project Scholars Tracking System 1.0 Endpoint /admin/save_user.php firstname/lastname/username/password/user_id sql injection
A vulnerability was found in code-projects Project Scholars Tracking System 1.0. It has been declared as critical. This vulnerability affects
CVE-2026-2702 | Beetel 777VR1 up to 01.00.09 WPA2 PSK hard-coded credentials
A vulnerability was found in Beetel 777VR1 up to 01.00.09. It has been rated as critical. This issue affects some
CVE-2026-2703 | xlnt-community xlnt up to 1.6.1 Encrypted XLSX File Parser base64.cpp decode_base64 off-by-one (Issue 137)
A vulnerability categorized as problematic has been discovered in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of
CVE-2026-2704 | Open Babel up to 3.1.1 CIF File src/math/transform3d.cpp DescribeAsString out-of-bounds (Issue 2848)
A vulnerability identified as critical has been detected in Open Babel up to 3.1.1. The affected element is the function
CVE-2026-2705 | Open Babel up to 3.1.1 MOL2 File include/openbabel/atom.h OBAtom::SetFormalCharge out-of-bounds (Issue 2848)
A vulnerability labeled as critical has been found in Open Babel up to 3.1.1. The impacted element is the function
CVE-2026-2706 | code-projects Patient Record Management System 1.0 /fecalysis_not.php comp_id sql injection
A vulnerability marked as critical has been reported in code-projects Patient Record Management System 1.0. This affects an unknown function
CVE-2025-14009 | nltk nltk/downloader.py _unzip_iter code injection
A vulnerability described as critical has been identified in nltk. This impacts the function _unzip_iter of the file nltk/downloader.py. Such
CVE-2026-23221 | Linux Kernel up to 6.18.10/6.19.0 bus driver_override_show use after free
A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.10/6.19.0. Affected by this issue is the
CVE-2026-23222 | Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0 crypto omap_crypto_copy_sg_lists allocation of resources
A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0. This affects the function omap_crypto_copy_sg_lists of
CVE-2026-23230 | Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0 smb race condition
A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0. This vulnerability affects unknown code of
CVE-2026-23213 | Linux Kernel up to 6.12.69/6.18.9 smp_mb state issue
A vulnerability described as critical has been identified in Linux Kernel up to 6.12.69/6.18.9. This issue affects the function smp_mb.
CVE-2026-23214 | Linux Kernel up to 6.12.69/6.18.9 btrfs find_free_extent_update_loop privilege escalation
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.69/6.18.9. Impacted is the function find_free_extent_update_loop of
CVE-2025-71227 | Linux Kernel up to 6.18.9 cfg80211_get_ies_channel_number privilege escalation
A vulnerability classified as critical was found in Linux Kernel up to 6.18.9. The affected element is the function cfg80211_get_ies_channel_number.
CVE-2025-71225 | Linux Kernel up to 6.12.69/6.18.9 raid1_reshape raid_disks out-of-bounds
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.69/6.18.9. The impacted element is
CVE-2025-71228 | Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9 LoongArch protection_map[] privilege escalation
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.162/6.6.123/6.12.69/6.18.9. This affects an unknown function
CVE-2026-23212 | Linux Kernel up to 6.1.161/6.6.122/6.12.68/6.18.8 bonding privilege escalation
A vulnerability has been found in Linux Kernel up to 6.1.161/6.6.122/6.12.68/6.18.8 and classified as critical. This impacts an unknown function
CVE-2025-71229 | Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0 rtw88 rtw_core_enable_beacon state issue
A vulnerability was found in Linux Kernel up to 6.6.124/6.12.71/6.18.10/6.19.0 and classified as critical. Affected is the function rtw_core_enable_beacon of
CVE-2026-23216 | Linux Kernel up to 6.18.9 iscsit_dec_conn_usage_count use after free
A vulnerability was found in Linux Kernel up to 6.18.9. It has been classified as critical. Affected by this vulnerability
CVE-2025-71230 | Linux Kernel up to 6.18.10/6.19.0 hfs setup_bdev_super allocation of resources
A vulnerability was found in Linux Kernel up to 6.18.10/6.19.0. It has been declared as critical. Affected by this issue