CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

WordPress plugin WP DSGVO Tools (GDPR) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin LearnDash LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Reconx

🔍 reconx - Modular Penetration Testing Framework !Python 3...

WordPress Build App Online plugin <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability

Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability discovered by WordFence in WordPress Plugin Build App Online versions = 1.0.23...

WordPress Punnel plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update via 'punnelsaveconfig' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin Punnel – Landing Page Builder versions = 1.3.1...

CVE-2026-1969 ThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File Upload

The trxaddons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448...

ROS-20260323-73-0024

A vulnerability in the atm component of the Linux operating system kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability allows an attacker to cause a denial of service...

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress plugin trx_addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.250 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...

CVE-2026-3651

The CVE affects the Build App Online WordPress plugin (

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-2.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

EUVD-2026-13924

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

PT-2026-26868

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callback search function and insufficient input validation that allows shortcode syntax...

CVE-2026-3567 RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

EUVD-2026-13818

Effect AsyncLocalStorage context lost/contaminated inside Effect fibers under concurrent load with RPC...

PT-2026-26723

The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the update kbd bkup alias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While sanitize...

Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2026-1404)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...