CVE-2026-48020

CVE-2026-48020 affects Traefik’s StripPrefix middleware. Prior to fixes, versions 2.11.48, 3.6.19, and 3.7.3 are vulnerable. When a public router uses PathPrefix with StripPrefix, a request path containing .. or %2e%2e can match the public route, then after prefix stripping and path normalization...

CVE-2026-10530 Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...

CVE-2026-56299

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

EUVD-2026-36914

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42655

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42662

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

EUVD-2026-36838

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

EUVD-2026-36827

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-42662 WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-27089

WPTravelly plugin for WordPress, versions

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

PT-2026-49464

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

PT-2026-49446

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

PT-2026-49359

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

PT-2026-49453

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

WordPress Login with Salesforce plugin <= 1.0.2 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Login with Salesforce versions = 1.0.2...