
257 matches found

Positive Technologies
added yesterday, 7 views

PT-2026-46040

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints. The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...

5.9 AI score
Exploits: 0, References: 5

Cvelist
added 2026/05/27 1:14 p.m., 37 views

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

9.8 CVSS, 0.00366 EPSS
Exploits: 0, References: 1

NVD
added 2026/05/25 10:16 p.m., 5 views

CVE-2026-24554

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3 CVSS, 0.00016 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/25 9:41 p.m., 16 views

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3 CVSS, 0.00016 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/25 9:41 p.m., 10 views

CVE-2026-24554

Affected software: WordPress WPSubscription plugin (versions up to 1.9.1). Issue: Cross-Site Request Forgery (CSRF) vulnerability as described in CVE-2026-24554. CVSS v3.1 base score: 4.3 (Medium); attack vector NETWORK, attack complexity Low, privileges required None, user interaction Required, ...

4.3 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/25 9:41 p.m., 4 views

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/25 12:0 a.m., 5 views

PT-2026-43138

Name of the Vulnerable Software and Affected Versions: WPSubscription versions prior to 1.9.2. Description: A Cross-Site Request Forgery CSRF flaw exists in the Convers Lab WPSubscription plugin. This issue allows an attacker to induce a victim to perform unintended actions on the web application by...

4.3 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 0, References: 3

OSV
added 2026/05/11 9:16 a.m., 3 views

UBUNTU-CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 0, References: 5

CVE
added 2026/05/11 8:21 a.m., 14 views

CVE-2026-43826

The CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...

6.5 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/05/11 12:0 a.m., 5 views

PT-2026-39579

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

5.8 AI score, 0.00051 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/25 12:0 a.m., 2 views

Fedora 44 : containernetworking-plugins (2026-d6b4b4df31)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d6b4b4df31 advisory. - Update to release v1.9.1 - Resolves: rhbz2448053, rhbz2423997, rhbz2424031 - Upstream fixes Tenable has extracted the preceding description block...

7.5 CVSS, 7.4 AI score, 0.00016 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2026/03/25 12:0 a.m., 0 views

Fedora 42 : containernetworking-plugins (2026-7ed700921c)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7ed700921c advisory. Update to release v1.9.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

7.5 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 1, References: 2

EUVD
added 2026/03/13 9:31 p.m., 1 views

EUVD-2026-11802

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/13 7:54 p.m., 0 views

CVE-2026-32329

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3 CVSS, 0.00042 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/13 12:0 a.m., 1 views

PT-2026-25177

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3

NVD
added 2026/02/20 4:22 p.m., 2 views

CVE-2025-60087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion. This issue affects Extensive VC Addons for WPBakery page builder:...

8.1 CVSS, 0.00056 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/20 3:46 p.m., 6 views

CVE-2025-67988

CVE-2025-67988 targets the CozyStay WordPress theme (CozyStay) with an improper control of filenames for include/require statements, yielding a PHP Local File Inclusion. The vulnerability affects CozyStay: from n/a through

8.1 CVSS, 5.5 AI score, 0.00056 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/20 12:0 a.m., 3 views

WordPress plugin CozyStay security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/20 12:0 a.m., 4 views

WordPress plugin Extensive VC Addons for WPBakery page builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

8.1 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/20 12:0 a.m., 3 views

PT-2026-21057

Name of the Vulnerable Software and Affected Versions: LoftOcean CozyStay versions prior to 1.9.1. Description: A flaw exists in LoftOcean CozyStay that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...

5.5 AI score, 0.00056 EPSS
Exploits: 0, References: 3