CVE-2026-39587
CVE-2026-39587 affects WordPress WP BASE Booking plugin versions
CVE-2026-39583 WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions...
CVE-2026-39583
The CVE-2026-39583 entry concerns WordPress plugin Datalogics Ecommerce Delivery (versions
CVE-2026-39579
CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31. The vulnerability is a contributor-level privilege escalation with high impact (CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...
CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions...
CVE-2026-39470
CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...
CVE-2026-39470 WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions...
CVE-2026-34901 WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions...
CVE-2026-34901
CVE-2026-34901 affects WordPress iControlWP plugin,
CVE-2026-27407
CVE-2026-27407 concerns the WordPress AI Engine plugin, affected versions
CVE-2026-27407 WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability
Editor Privilege Escalation in AI Engine <= 3.4.9 versions...
CVE-2026-50891
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2026-50884
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...
CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...
CVE-2026-36213
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...
MGASA-2026-0211 Updated sudo packages fix security vulnerability
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. CVE-2026-35535...