PT-2026-47059

We just found and disclosed CVE-2026-10753 in Google's Site Kit, the official Google plugin running on 5M+ WordPress sites. Our team caught a broken access control flaw that slipped past everyone else. One REST API write endpoint checked for view level access when it should have required admin...

PT-2026-46899

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

PT-2026-47049

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description An administrative cross-site scripting XSS issue exists in the web user interface dashboard layout. Unvalidated user-supplied...

PT-2026-47065

Name of the Vulnerable Software and Affected Versions Admin Columns versions prior to 7.0.19 Description The plugin is subject to PHP Object Injection, which can lead to Remote Code Execution. This occurs because the get ids from string function in the IdsToCollection class uses unserialize witho...

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

PT-2026-47054

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server Collaboration Service affected versions not specified Description A path traversal issue exists due to improper handling of user-supplied filenames within the MCAD and Simulation file download flows. An authenticated...

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

WordPress Admin Columns plugin <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution vulnerability

Authenticated Contributor+ PHP Object Injection to Remote Code Execution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Admin Columns versions = 7.0.18...

PT-2026-47026

Name of the Vulnerable Software and Affected Versions Hippoo Mobile App for WooCommerce versions prior to 1.9.5 Description An authentication bypass exists that allows for administrator account takeover. The issue stems from a logic conflation in the get user permissions function within...

PT-2026-46968

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard page/admin page.php of the component Admin Interface. The manipulation of the argument...

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

Linux Distros Unpatched Vulnerability : CVE-2026-50592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view. CVE-2026-50592...

CVE-2026-10877

CVE-2026-10877 concerns SourceCodester Ship Ferry Ticket Reservation System (up to 1.0) with an issue in the Admin Login component. The vulnerability resides in the /admin/login.php handling of the Username argument, enabling a SQL injection. The flaw is exploitable remotely, and the exploit has ...

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

CVE-2026-10877 SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

CVE-2026-10877 SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

CVE-2026-10876

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

CVE-2026-10876 SourceCodester Ship Ferry Ticket Reservation System admin improper authorization

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

CVE-2026-10876 SourceCodester Ship Ferry Ticket Reservation System admin improper authorization

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...