2250 matches found
ROOT-OS-UBUNTU-2404-CVE-2025-21820 CVE-2025-21820 in rootio-linux - Patched by Root
Root has patched CVE-2025-21820 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2026-40107
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions...
WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Simple User Avatar versions <= 4.9...
ROOT-OS-UBUNTU-2404-CVE-2025-68188 CVE-2025-68188 in rootio-linux - Patched by Root
Root has patched CVE-2025-68188 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-57667
Sales Representative SQL Injection in Groundhogg <= 4.5 versions...
CVE-2026-56055
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions...
CVE-2026-57667 WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
Sales Representative SQL Injection in Groundhogg <= 4.5 versions...
EUVD-2026-39671
Sales Representative SQL Injection in Groundhogg <= 4.5 versions...
CVE-2026-57658 WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions...
CVE-2026-57658
CVE-2026-57658 concerns the WordPress TemplateSpare plugin, specifically versions
EUVD-2026-39744
Administrator SQL Injection in WP All Import <= 4.0.1 versions...
EUVD-2026-39729
Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions...
EUVD-2026-39710
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions...
EUVD-2026-39682
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions...
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions <= 4.5...
EUVD-2026-39615
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-54917
CVE-2026-54917 affects SeaweedFS prior to 4.30. The S3 gateway and Iceberg REST catalog gateway construct routers with mux.NewRouter().SkipClean(true); when path cleaning is disabled, a .. segment in URLs can survive routing (example: GET /bucket-A/../evil-bucket/key) and be parsed as a valid buc...