CVE-2026-42192

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...

CVE-2026-42571

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI. This attack allows any user...

CVE-2021-47950

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...

SUSE-SU-2026:1821-1 Security update for NetworkManager

This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...

CVE-2026-6710

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaAppsAdminAppPage function. This makes it possible for unauthenticated attackers to trick a site...

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

CVE-2026-6709

CVE-2026-6709 affects the WordPress plugin Coinbase Commerce for Contact Form 7 in versions up to and including 1.1.2. Root cause: missing capability check and nonce verification in the save_settings() function registered on the admin_post_cccf7_save_settings hook. Impact: authenticated attackers...

CVE-2026-7616

The CVE-2026-7616 entry concerns the WordPress Zawgyi Embed plugin (versions up to 2.1.1). The root cause is missing or incorrect nonce validation in the zawgyi_adminpage function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify the plugin’s zawgyi_forceCSS se...

CVE-2026-7561 Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVE-2026-2993

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

CVE-2026-7437 AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2026-7562

This CVE concerns the WP-Redirection plugin for WordPress (versions

CVE-2026-7562 WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via checkadminreferer or wpverifynonce in the...

CVE-2026-7562

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via checkadminreferer or wpverifynonce in the...

CVE-2026-7562 WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via checkadminreferer or wpverifynonce in the...

CVE-2026-7257

UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...

EUVD-2026-29367

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

CVE-2026-7257

CVE-2026-7257 affects Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0. The issue is insecure storage of sensitive information in the device’s configuration backup file, allowing a local administrator to download and decrypt the backup configuration. The documents do not provide exploit details, affecte...