Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

WP Directory Kit <= 1.4.4 - Authentication Bypass

The WP Directory Kit plugin for WordPress version 1.4.4 and below contains an authentication bypass vulnerability in its auto-login functionality. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting a cryptographically weak token generation mechanism tha...

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

CVE-2026-57651

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

CVE-2026-57651

The CVE-2026-57651 entry documents a Cross Site Scripting (XSS) vulnerability in the WordPress Ghost Kit plugin versions ≤ 3.6.0. The issue is described consistently across sources as Ghost Kit XSS, with a CVSS v3.1 base score of 6.5 (Medium) and an attack vector of Network, user interaction requ...

CVE-2026-57651 WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

EUVD-2026-39766

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ghost Kit versions = 3.6.0...

CVE-2026-6432

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

MAL-2026-6459 Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

CVE-2026-10753 Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

EUVD-2026-38695

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

CVE-2026-10753

CVE-2026-10753 concerns Site Kit by Google for WordPress prior to 1.176.0. A REST API write endpoint is not properly restricted to administrators, allowing lower-privileged users (e.g., Editors with dashboard sharing access) to modify a site-wide setting that should be admin-only. Impact: potenti...

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTK. The issue arises from the lack of initialization of variables that should be initialized as arguments to other functions, etc...

Astra Linux – Vulnerability in edk2

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure through network access...

Astra Linux – Vulnerability in PackageKit

PackageKit’s apt backend mistakenly treats all local deb files as trustworthy. The apt security model is based on repository trust, not the contents of individual files. On sites where PolicyKit rules are configured, this could allow users to install malicious packages...