20755 matches found
K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530
Security Advisory Description: NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...
CVE-2026-54196
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions...
CVE-2026-49080
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions...
CVE-2026-39522
Unauthenticated Local File Inclusion in Solene <= 3.4 versions...
CVE-2026-22339
Unauthenticated Cross-Site Scripting (XSS) in WPJobster <= 6.3.5 versions...
CVE-2025-69139
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions...
WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions <= 2.3.1...
EUVD-2026-37685
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
CVE-2026-46969
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials...
CVE-2026-46916
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite component: Quality Management Specs. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
RHSA-2026:26187 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
CVE-2026-54804 WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions...
CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions...
CVE-2026-22340
CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme
CVE-2026-46286
A flaw was found in the Linux kernel's qcom-lpg LED driver. This vulnerability, an array overflow, occurs when the driver attempts to select high-resolution values. Due to incorrect indexing, the system may read random data from memory, which could lead to information disclosure or unpredictable...
CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...
CVE-2026-12442
creationtimestamp | type | source
---|---|---
2026-06-17 01:56:44+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-google-chrome-56
2026-06-17 04:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mohi4jqflv2o
2026-06-17 05:03:16+00:00 | seen | ...
PT-2026-50439
Name of the Vulnerable Software and Affected Versions: NGINX Open Source versions 1.31.0 through 1.31.1; NGINX Ingress Controller (affected versions not specified); NGINX Gateway Fabric (affected versions not specified); NGINX Instance Manager (affected versions not specified). Description: A use-after-free...
PT-2026-50359
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions...
PT-2026-50597
Name of the Vulnerable Software and Affected Versions: Filament versions 3.0.0 through 3.3.52. Description: A disabled RichEditor field renders its raw state without sanitizing HTML. If the data stored in the field's state was not previously sanitized when the form state was filled, an attacker can...