CVE-2026-9509 Uncaught exception vulnerability in Suprema's BioStar

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

PT-2026-43648

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

PT-2026-34094

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.45 MySQL Server versions 8.4.0 through 8.4.8 MySQL Server versions 9.0.0 through 9.6.0 Description An issue exists in the Group Replication Plugin of MySQL Server. A low-privileged attacker with network...

CVE-2025-60233

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2...

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

CVE-2026-27406

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through = 2.1.0...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug [ CVE-2025-66221]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug, caused by a reading issue with Werkzeug's safejoin function that allows path segments with special device names to hang indefinately CVE-2025-66221. Werkzeug is used in our service runtimes. This...

CVE-2025-67975

Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through = 3.0.3...

CVE-2026-25036

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2025-66139

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through = 1.0.9...

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

PT-2026-3983

Name of the Vulnerable Software and Affected Versions Jthemes xSmart versions through 1.2.9.4 Description An incorrect privilege assignment exists in Jthemes xSmart, potentially allowing privilege escalation. Recommendations Update Jthemes xSmart to a version later than 1.2.9.4...

CVE-2025-69273 Spectrum broken authentication

Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier...

CVE-2025-59003

Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data.This issue affects ColorWay: from n/a through = 4.2.3...

EUVD-2025-205999

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11...

EUVD-2025-203616

Cross-Site Request Forgery CSRF vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through = 1.25...

PT-2025-51462

Name of the Vulnerable Software and Affected Versions Meks Meks Quick Plugin Disabler versions through 1.0 Description The Meks Quick Plugin Disabler software contains a Cross-Site Request Forgery issue. An attacker could potentially perform actions on behalf of an authenticated user without thei...

CVE-2025-61815 InDesign Desktop | Use After Free (CWE-416)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...