CVE-2026-39546

This CVE concerns the WordPress plugin MultiLoca (WooCommerce Multi-Locations Inventory Management) up to version 4.2.15, with a Subscriber Privilege Escalation vulnerability. The vulnerability is described as enabling a subscriber to escalate privileges, indicating a potential elevation from a l...

CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

CVE-2025-69179

Technical details (affected plugin version

CVE-2025-69179 WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

CVE-2025-69138

Technical details about CVE-2025-69138 are not provided in the supplied documents. Please monitor official advisories for affected versions, impact, and remediation.

CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Genemy = 1.6.6 versions...

CVE-2025-59563

CVE-2025-59563 is a Privilege Escalation vulnerability in the WordPress Sonaar theme, affecting versions up to 4.27.4. The issue is described as an Authenticated (Subscriber+) privilege escalation with CVSS v3.1 base score 8.8 (High). The vulnerability is exploitable with low privileges and no us...

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

CVE-2026-12165

CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

Vulnerabilities present in Oracle MySQL products

Oracle has identified vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. These vulnerabilities exist in various Oracle MySQL products and versions. In MySQL Shell for VS Code versions 2026.2.0+9.6.1, attackers with low privileges and network acce...

CVE-2026-27868 PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...

CVE-2026-27868

CVE-2026-27868 concerns the Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02). An attacker with network access to the device could disclose privilege information by calling the Version command through /upgrade/query.php?cmd=p+3&3Bversion, leading to information disclosure. The CVSS metrics indicat...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0063

CVE-2026-0063 affects the Android framework component PhoneInterfaceManager.java, where a logic error in setAllowedCarriers could disable carrier restrictions, enabling local privilege escalation with no additional privileges and no user interaction required. The issue is cataloged as an Elevatio...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-28615

CVE-2026-28615 affects Telecomm and is described as a permissions bypass that could allow initiating an unauthorized phone call, leading to local elevation of privilege without any additional execution privileges or user interaction. Technical details across sources confirm the vulnerability is l...

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...