
6424 matches found

Cvelist
added 2026/01/22 6:47 a.m. | 28 views

CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for...

CVSS 9.8 | EPSS 0.01078
Exploits: 5 | References: 3

CVE
added 2026/01/22 6:47 a.m. | 44 views

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

CVSS 9.8 | AI score 5.5 | EPSS 0.01078
In wild | Exploits: 5 | References: 3

Positive Technologies
added 2026/01/22 12:0 a.m. | 10 views

PT-2026-3919

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions through 1.5.6.3 Description The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to unauthorized administrative user creation. This occurs because the ajax register handle...

CVSS 9.8 | AI score 6 | EPSS 0.01078
Exploits: 5 | References: 18

CNNVD
added 2026/01/22 12:0 a.m. | 6 views

WordPress plugin LA-Studio Element Kit for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 9.8 | AI score 6 | EPSS 0.01078
Exploits: 5 | References: 3

RedhatCVE
added 2026/01/21 10:25 p.m. | 6 views

CVE-2026-21930

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

CVSS 2.3 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 1

OSV
added 2026/01/21 8:20 p.m. | 14 views

MAL-2026-446 Malicious code in code-transfering-4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f49b12f95d153280889b4da45b5de3017f21159ad06622092779705ad22e855c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

AI score 5.8
Exploits: 0 | References: 1

Patchstack
added 2026/01/21 6:56 p.m. | 16 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability

Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability discovered by WordFence in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.5.6.3...

CVSS 9.8 | AI score 5.5 | EPSS 0.01078
Exploits: 5 | References: 1 | Affected Software: 1

Wordfence Blog
added 2026/01/21 6:12 p.m. | 13 views

20,000 WordPress Sites Affected by Backdoor Vulnerability in LA-Studio Element Kit for Elementor WordPress Plugin

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious administrator users...

CVSS 9.8 | AI score 5.6 | EPSS 0.01078
Exploits: 5

IBM Security Bulletins
added 2026/01/21 9:31 a.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary: There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in Oct 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTIO...

CVSS 7.5 | AI score 5.6 | EPSS 0.00633
Exploits: 0 | Affected Software: 1

GithubExploit
added 2026/01/21 8:56 a.m. | 143 views

context_compaction

Google ADK Context Compaction POC A proof of concept demonstr...

AI score 5.6
Exploits: 0

EUVD
added 2026/01/21 4:39 a.m. | 2 views

EUVD-2026-3730

Malicious code in shroom-kit npm...

AI score 5.5
Exploits: 0 | References: 1

Snyk
added 2026/01/21 4:39 a.m. | 5 views

Malicious Package

Overview shroom-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/01/21 4:39 a.m. | 9 views

Malicious code in shroom-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ce31b267373b04b6db8fa70688917b146c9cf34f2d548b58890a950af4f32a The package shroom-kit was found to contain malicious code. Source: ghsa-malware df93160efafaee42f3f1c238618282cd6845e4fea4f6b0804f5e759934e60f71 Any...

AI score 5.5
Exploits: 0 | References: 1

OSV
added 2026/01/21 4:39 a.m. | 5 views

MAL-2026-428 Malicious code in shroom-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ce31b267373b04b6db8fa70688917b146c9cf34f2d548b58890a950af4f32a The package shroom-kit was found to contain malicious code. Source: ghsa-malware df93160efafaee42f3f1c238618282cd6845e4fea4f6b0804f5e759934e60f71 Any...

AI score 5.5
Exploits: 0 | References: 1

EUVD
added 2026/01/21 12:31 a.m. | 5 views

EUVD-2026-3579

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

CVSS 2.3 | AI score 5.4 | EPSS 0.00131
Exploits: 0 | References: 2

EUVD
added 2026/01/21 12:31 a.m. | 9 views

EUVD-2026-3576

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVSS 6.1 | AI score 5.6 | EPSS 0.00261
Exploits: 1 | References: 2

VulnCheck KEV
added 2026/01/21 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2026-0920

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for...

CVSS 9.8 | AI score 5.8 | EPSS 0.01078
In wild | Exploits: 5 | References: 4

NVD
added 2026/01/20 10:15 p.m. | 8 views

CVE-2026-21930

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

CVSS 2.3 | EPSS 0.00131
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/20 9:56 p.m. | 2 views

CVE-2026-21930

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Filesystems. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes ...

CVSS 2.3 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : java-21-openjdk-21.0.3.0.9-1.el8.ML.1 (AXSA:2024-7709:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7709:07 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

CVSS 3.7 | AI score 7.1 | EPSS 0.01361
Exploits: 0 | References: 4