CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

CVE-2026-40726

CVE-2026-40726 affects the WordPress plugin User Registration Stripe (versions

CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...

CVE-2026-40723

The advisory describes CVE-2026-40723 as a Broken Access Control issue in the WordPress Bricks Builder theme, affecting versions

CVE-2026-40723 WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

CVE-2026-24611

CVE-2026-24611 affects WordPress MetForm Pro plugin (versions

CVE-2026-24611 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-24610

CVE-2026-24610: A Broken Access Control vulnerability in WordPress MetForm Pro plugin (versions ≤ 3.9.1) potentially allows a subscriber to access restricted functionality. Public technical details are limited in the provided documents; PatchStack lists the issue, but no remediation version is st...

CVE-2026-24610 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-24575

CVE-2026-24575 affects WordPress WishList Member X plugin

CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

CVE-2026-22343

CVE-2026-22343 describes an which affects the WordPress Dating Theme (DA10) up to version 11.2.0, with an Unauthenticated Broken Access Control vulnerability. The connected records confirm an unauthenticated path to perform actions that should require authorization, indicating potential impact on...

CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

CVE-2026-40722

CVE-2026-40722 : Missing Authorization vulnerability in Yoast SEO Premium for WordPress (plugin