52 matches found

Patchstack
added 2026/05/27 9:13 a.m., 6 views

WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh SiteOrigin Widgets versions <= 3.9.2...

CVSS 6.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/05/09 8:16 p.m., 11 views

CVE-2026-8195

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

CVSS 5.3, EPSS 0.00033
Exploits: 0, References: 4
RedHat Linux
added 2026/04/21 11:42 a.m., 4 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2
RedhatCVE
added 2026/04/14 1:22 a.m., 0 views

CVE-2026-39677

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativesPlanet Emphires emphires allows PHP Local File Inclusion. This issue affects Emphires: from n/a through <= 3.9...

CVSS 7.5, AI score 5.8, EPSS 0.00147
Exploits: 0, References: 1
Cvelist
added 2026/04/08 8:30 a.m., 16 views

CVE-2026-39677 WordPress Emphires theme <= 3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativesPlanet Emphires emphires allows PHP Local File Inclusion. This issue affects Emphires: from n/a through <= 3.9...

CVSS 7.5, EPSS 0.00147
Exploits: 0, References: 1
EUVD
added 2026/03/25 6:31 p.m., 1 views

EUVD-2026-15534

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework handmade-framework allows Reflected XSS. This issue affects Handmade Framework: from n/a through <= 3.9...

CVSS 7.1, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 2
CVE
added 2026/03/25 4:14 p.m., 5 views

CVE-2026-22520

CVE-2026-22520 pertains to the WordPress Handmade Framework plugin (handmade-framework) with versions through 3.9. It describes a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. The issue affects Handmade Framework: from n/a t...

CVSS 7.1, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 1
Positive Technologies
added 2026/03/25 12:0 a.m., 2 views

PT-2026-27838

Name of the Vulnerable Software and Affected Versions: G5Theme Handmade Framework versions through 3.9. Description: The software contains a flaw related to improper input handling during web page creation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject...

CVSS 7.1, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 3
EUVD
added 2026/03/13 9:31 p.m., 1 views

EUVD-2026-11872

Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0...

AI score 5.8, EPSS 0.00053
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/13 11:42 a.m., 6 views

CVE-2026-32373

Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0...

AI score 5.8, EPSS 0.00053
Exploits: 0, References: 2
CBLMariner
added 2026/02/05 10:21 p.m., 2 views

CVE-2026-0672 affecting package python3 for versions less than 3.9.19-18

CVE-2026-0672 affecting package python3 for versions less than 3.9.19-18. A patched version of the package is available...

CVSS 6, AI score 5.3, EPSS 0.00205
Exploits: 0
OSV
added 2026/02/05 9:10 a.m., 5 views

RLSA-2026:1478 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5, AI score 8.1, EPSS 0.00128
Exploits: 0, References: 2
Vulnrichment
added 2026/02/03 7:31 a.m., 2 views

CVE-2026-1375 Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the courselistbulkaction, bulkdeletecourse, and...

CVSS 8.1, AI score 5.5, EPSS 0.00023
Exploits: 1, References: 5
CNNVD
added 2026/02/03 12:0 a.m., 3 views

WordPress plugin Tutor LMS security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1, AI score 5.8, EPSS 0.00023
Exploits: 1, References: 5
CVE
added 2026/01/29 10:56 a.m., 10 views

CVE-2026-22764

Dell OpenManage Network Integration

CVSS 6.5, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/01/26 9:28 p.m., 4 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

CVSS 9.3, AI score 5.9, EPSS 0.0001
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/24 12:0 a.m., 2 views

Fedora 43 : python3.9 (2026-975a15098b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-975a15098b advisory. Security fix for CVE-2025-12084. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 6.3, AI score 5.6, EPSS 0.00128
Exploits: 0, References: 2
Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-2983

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions up to and including 1.3.9.2. Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is susceptible to unauthorized...

CVSS 7.4, AI score 5.5, EPSS 0.0012
Exploits: 0, References: 6
Patchstack
added 2026/01/13 9:39 a.m., 4 views

WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme OneLife versions <= 3.9...

CVSS 8.8, AI score 7.3, EPSS 0.00114
Exploits: 0, Affected Software: 1
RedhatCVE
added 2026/01/09 9:52 a.m., 3 views

CVE-2020-10243

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype...

CVSS 9.8, AI score 7.7, EPSS 0.03427
Exploits: 0, References: 1