EUVD-2026-5217

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...

WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability

Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions = 1.0.116...

Malicious code in tailwindcss-forms-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview tailwindcss-forms-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-693 Malicious code in tailwindcss-forms-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Airplay_Audio_Software_Development_Kit

LiberationPlay-CVE-2025-24...

PT-2026-6220

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions prior to 1.5.6.3 Description An issue exists in LA-Studio Element Kit for Elementor related to incorrectly configured access control security levels, potentially allowing unauthorized access. The...

WordPress plugin LA-Studio Element Kit for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.482.b08-1.el9.ML.1 (AXSA:2026-130:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-130:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonial vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions = 2.6.3...

OPENSUSE-SU-2026:20148-1 Security update for dpdk

This update for dpdk fixes the following issues: Update to version 24.11.4. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver PMD allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface bsc1254161. Other issues fixed...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...

WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.8.1...

Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol Via Prompt Injection

Large language model LLM based agents are increasingly used to automate financial transactions, yet their reliance on contextual reasoning exposes payment systems to prompt-driven manipulation. The Agent Payments Protocol AP2 aims to secure agent-led purchases through cryptographically verifiable...

WordPress Plugin WP Directory Kit Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP Directory Kit has an information disclosure vulnerability, the vulnerabilit...

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability

Unauthenticated Email Exposure via wdkpublicaction vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Directory Kit versions = 1.4.9...

@1upmonster/duel (>=0.1.0 <=0.1.8), @flash_trade/magic-trade-client (>=0.1.0 <=1.0.47) +5 more potentially affected by CVE-2026-22696 via @phala/dcap-qvl-web (>=0.2.7 <=0.3.3)

@phala/dcap-qvl-web NPM version =0.2.7, =0.1.0, =0.1.0, =0.3.6, =0.2.9, =0.1.0, =0.4.1 - magic-trade-client =0.2.0 - nearai-cloud-verifier =0.0.1-alpha.1 Source cves: CVE-2026-22696 Source advisory: OSV:GHSA-796P-J2GH-9M2Q...