926 matches found
CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users (wpajaxnoprivclearsaletotalpush), and although a...
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 114. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 115...
EUVD-2025-210211
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with admin privileges can bypass the NSClient Tamper Protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys. Produc...
EUVD-2025-210212
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...
CVE-2026-41557 WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions...
CVE-2026-22338
CVE-2026-22338 : WordPress EcoBlue theme
PT-2026-50501
Name of the Vulnerable Software and Affected Versions: Splunk AI Toolkit versions prior to 5.7.4. Description: A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...
NPM: n8n: Microsoft SQL Node Prototype Pollution
NPM: n8n: Microsoft SQL Node Prototype Pollution vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
Mozilla Firefox < 152.0
The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-39527
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions...
CVE-2026-5223 affecting package rust for versions less than 1.90.0-9
CVE-2026-5223 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2026-7765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messag...
Veeam Backup and Replication < 12.3.2.4854 (kb4869)
The version of Veeam Backup and Replication installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4869 advisory. - A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user...
CVE-2026-7186 Fix stored XSS in URL dashboard widget via dangerous URI schemes
Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...