CVE-2026-9643

WP Meta SEO for WordPress insert(). This allows injection of arbitrary scripts that execute when an administrator visits the 404 & Redirects admin page (/wp-admin/admin.php?page=metaseo_broken_link). Exploitation details are not provided beyond the generic flow; no fixes, mitigations, or exploita...

EUVD-2026-38387

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

Astra Linux – Vulnerability in Tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

EUVD-2026-37676

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

CVE-2025-69170

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

EUVD-2026-37690

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

EUVD-2025-210266

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

CVE-2026-46884

Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attac...

CVE-2026-46857

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Oracle Management Service. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2026-46855

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...

CVE-2026-46832

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Discovery Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise...

CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

CVE-2026-48055

Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...

EUVD-2026-37060

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...

PT-2026-50101

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

EUVD-2026-36972

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVE-2026-40732

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

CVE-2026-49083

Summary: CVE-2026-49083 affects the WordPress LatePoint plugin and is a privilege-escalation vulnerability in versions ≤ 5.5.1. What’s affected: WordPress LatePoint plugin (versions up to and including 5.5.1). Impact (as per provided metrics): CVSS 3.1 base score 7.5 (High), with network attack v...