25021 matches found

CVE
added 2 hours ago | 5 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9 CVSS | 5.9 AI score
Exploits: 0 | References: 14
EUVD
added yesterday | 6 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5 CVSS | 5.2 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 4 views

EUVD-2025-210253

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8 CVSS | 5.3 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 4 views

EUVD-2026-37625

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5 CVSS | 5.2 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-37624

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1 CVSS | 5.1 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 3 views

EUVD-2026-37603

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

7.1 CVSS | 5.1 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-37592

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3 CVSS | 5.2 AI score
Exploits: 0 | References: 2
EUVD
added yesterday | 4 views

EUVD-2026-37653

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1 CVSS | 5.2 AI score
Exploits: 0 | References: 2
CVE
added yesterday | 8 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

8.8 CVSS | 5.2 AI score
Exploits: 0 | References: 1
EUVD
added yesterday | 4 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3 CVSS | 5.3 AI score
Exploits: 0 | References: 1
RedHat Linux
added yesterday | 3 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1 CVSS | 6 AI score | 0.00508 EPSS
Exploits: 0 | References: 2
NVD
added yesterday | 7 views

CVE-2026-22283

Dell PowerFlex Manager, versions Version prior to 4.8, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

7.5 CVSS
Exploits: 0 | References: 1
EUVD
added yesterday | 5 views

EUVD-2026-37726

Dell PowerFlex Manager, versions Version prior to 4.8, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

7.5 CVSS | 5.4 AI score
Exploits: 0 | References: 1
EUVD
added yesterday | 6 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3 CVSS | 5.6 AI score
Exploits: 0 | References: 1
NVD
added yesterday | 3 views

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5 CVSS
Exploits: 0 | References: 1
NVD
added yesterday | 3 views

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5 CVSS
Exploits: 0 | References: 1
NVD
added yesterday | 4 views

CVE-2026-48869

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

7.1 CVSS | 0.00186 EPSS
Exploits: 0 | References: 1
NVD
added yesterday | 2 views

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5 CVSS | 0.00399 EPSS
Exploits: 0 | References: 2
NVD
added yesterday | 3 views

CVE-2026-40754

Unauthenticated PHP Object Injection in Roisin = 1.4 versions...

8.1 CVSS | 0.0032 EPSS
Exploits: 0 | References: 1
NVD
added yesterday | 3 views

CVE-2026-40723

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3 CVSS
Exploits: 0 | References: 1