CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVE-2026-27807

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

PT-2026-23723

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.3.7 Description Snipe-IT instances running versions prior to 8.3.7 are susceptible to unauthorized modification of user account details due to insufficient protection of sensitive user attributes against mass...

PT-2026-23627

Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.4 Description MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries...

PT-2026-23788

Flowise and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build a customized large language model flow. A mass assignment issue exists in the /api/v1/leads endpoint, allowing unauthenticated users to control internal entity fields id,...

CVE-2026-28781

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVE-2026-21425

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

EUVD-2026-9653

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

EUVD-2026-9651

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

EUVD-2026-9602

Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through = 1.2.38...

CVE-2026-27983

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

CVE-2026-27541

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2026-24963

Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through = 1.2.38...

CVE-2026-27541

CVE-2026-27541 pertains to the WordPress plugin Wholesale Suite (woocommerce-wholesale-prices)

CVE-2026-27541

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

CVE-2026-27541 WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2026-27541 WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

CVE-2026-27983

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...