CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

CVE-2026-4128

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The deleteterm function, which handles the 'tpmcatttdeleteterm' AJAX action, does not perform any capability check e.g., currentusercan to verify the...

CVE-2026-4128 TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The deleteterm function, which handles the 'tpmcatttdeleteterm' AJAX action, does not perform any capability check e.g., currentusercan to verify the...

CVE-2026-6396 Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action

The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields function, which handles the fffsavesettins AJAX action. This makes it possible for unauthenticated...

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013735 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interru...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013838)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013838 advisory. In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633adcasyncread req is allocated in...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the leakage of SKBs during asynchronous encryption with espintcp, potentially leading to memory...

PT-2026-34291

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete term function, which handles the 'tpmcattt delete term' AJAX action, does not perform any capability check e.g., current user can to verify...

CVE-2026-40590 FreeScout's Customer AJAX Create Modifies Hidden Existing Customer

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

MINE-CYBERSECURITY-PROJECT-1

MINE-CYBERSECURITY-PROJECTS This repository contains advanced...

CVE-2026-6703

The CVE concerns the WordPress plugin “Responsive Blocks – Page Builder for Blocks & Patterns” (versions up to 2.2.1). The root cause is improper authorization verification, allowing authenticated attackers with contributor-level access or higher to modify global site-wide plugin configuration op...

CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011040)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011040 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5cmdcleanupasyncctx should...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011205)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011205 advisory. In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from a weak AJAX path for the savedraft function when th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011163)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011163 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interru...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...