CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVE-2026-42654

CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...

EUVD-2026-33947

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

PT-2026-45780

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

CVE-2026-27136 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-27136 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

CVE-2026-25680 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-25680 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

CVE-2026-42506 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-42506 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

CVE-2026-25681 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-25681 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

Slackware Linux 15.0 / current expat Vulnerability (SSA:2026-132-01)

The version of expat installed on the remote host is prior to 2.7.5 / 2.8.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-132-01 advisory. New expat packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016799 advisory. libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. Tenable has extracted the...

JLSEC-2026-382

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

JLSEC-2026-381

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin Wallet System for WooCommerce versions = 2.7.5...

CVE-2026-39880

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

CVE-2026-39880 Remnawave Backend has a race condition in HWID device limit allows bypassing max devices

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

CVE-2026-39880 Remnawave Backend has a race condition in HWID device limit allows bypassing max devices

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

PT-2026-31444

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

OPENSUSE-SU-2026:10466-1 expat-2.7.5-1.1 on GA media

These are all security issues fixed in the expat-2.7.5-1.1 package on the GA media of openSUSE Tumbleweed...