WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

ALSA-2026:18030 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

PT-2026-41778

Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

EUVD-2026-30689

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

CVE-2026-8740

CVE-2026-8740 affects Sanluan PublicCMS 5.202506.d; the issue lies in TemplateResultDirective.java (TemplateResult API), where manipulating the templateContent argument during execution leads to improper neutralization of special template engine elements. This enables a remote attack, and exploit...

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

EUVD-2026-30678

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

WordPress plugin AI Engine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

Chromium: CVE-2026-8540 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Exploit for CVE-2025-9074

🐚 docker-shell A lightweight, dependency-free bash script tha...

CVE-2025-14972 Insufficient DPA countermeasure reseeding

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

EUVD-2025-209883

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

CVE-2025-14972 Insufficient DPA countermeasure reseeding

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

CVE-2025-14972

CVE-2025-14972 affects the SYMCRYPTO engine on SixG301xxx devices, where DPA countermeasures are not sufficiently random, leading to eventual repetition. The vulnerability could impact KSU keys using SYMCRYPTO. The CVSS in the provided data indicates physical attack vector with high complexity an...

CVE-2026-8570

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490353576...