60 matches found

IBM Security Bulletins
added 4 days ago · 7 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)

Summary: A Regular Expression Denial of Service (ReDoS) vulnerability in the minimatch pattern matching library (CVE-2026-26996) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details: CVEID: CVE-2026-26996 DESCRIPTION: minimatch i...

8.7 CVSS · 5.7 AI score · 0.00026 EPSS
Exploits: 1 · Affected Software: 1
RedhatCVE
added 2026/04/22 1:22 a.m. · 3 views

CVE-2026-39486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...

8.5 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits: 0 · References: 1
EUVD
added 2026/04/08 9:31 a.m. · 4 views

EUVD-2026-20154

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...

5.9 AI score · 0.00035 EPSS
Exploits: 0 · References: 2
NVD
added 2026/04/08 9:16 a.m. · 5 views

CVE-2026-39486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...

8.5 CVSS · 0.00035 EPSS
Exploits: 0 · References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m. · 3 views

CVE-2026-39486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8...

5.9 AI score · 0.00035 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2026/03/30 12:0 a.m. · 2 views

PT-2026-28427

Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions prior to 5.1.8 Description: The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...

7.5 CVSS · 6 AI score · 0.00021 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2026/03/25 4:14 p.m. · 0 views

CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....

7.3 CVSS · 5.1 AI score · 0.00054 EPSS
Exploits: 0 · References: 1
Patchstack
added 2026/03/25 7:6 a.m. · 4 views

WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Download Monitor versions <= 5.1.8...

7.6 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits: 0 · Affected Software: 1
Snyk
added 2026/02/26 3:13 a.m. · 3 views

Inefficient Algorithmic Complexity

Overview: minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...

8.7 CVSS · 6 AI score · 0.00036 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-3890

Malicious code in bioql PyPI...

4.3 CVSS · 9 AI score · 0.00129 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/01/24 5:25 p.m. · 16 views

CVE-2025-24698 WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through <= 5.1.8...

4.3 CVSS · 0.00129 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/01/24 12:0 a.m. · 2 views

WordPress plugin Essential Real Estate Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...

4.3 CVSS · 8.6 AI score · 0.00129 EPSS
Exploits: 0 · References: 2
NVD
added 2025/01/22 7:15 a.m. · 11 views

CVE-2024-12857

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...

9.8 CVSS · 0.00618 EPSS
Exploits: 0 · References: 2
Patchstack
added 2024/05/21 1:7 p.m. · 1 views

WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Userpro versions <= 5.1.8...

9.8 CVSS · 7 AI score · 0.00632 EPSS
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/05/21 12:0 a.m. · 10 views

WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation

Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.8; Fixed in: 5.1.9; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-35700; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: fbe11c6e1e92; Credits: Rafie Muhammad...

9.8 CVSS · 6.5 AI score · 0.00632 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/05/02 5:15 p.m. · 0 views

CVE-2024-3601

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email...

5.3 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/02 12:0 a.m. · 2 views

PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin

Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8 Description: The issue is related to unauthorized access of data due to a missing capability check on the ays_poll_create_author function. This allows...

5.3 CVSS · 6.9 AI score · 0.00531 EPSS
Exploits: 0 · References: 5
Patchstack
added 2024/04/19 2:8 a.m. · 0 views

WordPress Poll Maker plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Poll Maker versions <= 5.1.8...

7.2 CVSS · 5.8 AI score · 0.0109 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2024/02/29 12:0 a.m. · 18 views

CentOS 9 : bash-5.1.8-6.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the bash-5.1.8-6.el9 build changelog. - A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems...

7.8 CVSS · 7.5 AI score · 0.00039 EPSS
Exploits: 1 · References: 2
CNNVD
added 2023/11/06 12:0 a.m. · 1 views

WordPress plugin Responsive Pricing Table Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

4.8 CVSS · 6.1 AI score · 0.00111 EPSS
Exploits: 2 · References: 3