PT-2026-49223

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

PT-2026-49413

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

PT-2026-49375

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

PT-2026-49298

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...

PT-2026-49474

Name of the Vulnerable Software and Affected Versions Easy Invoice versions prior to 2.1.20 Description An unauthenticated Remote Code Execution RCE flaw allows an attacker to execute arbitrary code on the system without requiring login credentials. Recommendations Update to a version newer than...

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

PT-2026-49289

Name of the Vulnerable Software and Affected Versions Boyleep K11, y108 version 2.3.0.11291 Description A flaw in the factory test feature allows an attacker with physical proximity to the device to execute arbitrary code. Recommendations At the moment, there is no information about a newer versi...

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...

PT-2026-49282

Name of the Vulnerable Software and Affected Versions Rakuten Send Anywhere File Transfer for Android version 23.2.9 Description An issue in the application allows untrusted apps without permissions to force arbitrary file downloads into the app's scoped storage. These files then appear in the...

PT-2026-49321

Name of the Vulnerable Software and Affected Versions YouTransfer version 1.0.6 Description An issue in the sendmail transport integration component allows attackers to execute arbitrary code by supplying a crafted request. Recommendations At the moment, there is no information about a newer...

PT-2026-49191

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the application fails to intercept certain dangerous interfaces when executing JavaScript scripts embedded in PDF files within the sandbox...

UBUNTU-CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

PT-2026-49237

Name of the Vulnerable Software and Affected Versions WooCommerce PDF Invoice Builder versions prior to 2.0.9 Description Improper Control of Generation of Code allows Remote Code Inclusion, enabling an unauthenticated attacker to perform full code injection via remote file inclusion...

PT-2026-49297

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

CVE-2026-36933

The CVE-2026-36933 issue affects Boyleep K11 y108 firmware v2.3.0.11291. A physically proximate attacker can execute arbitrary code via the factory test feature. The impact is described as high for confidentiality, integrity, and availability; the root cause is tied to the factory test feature, w...

CVE-2026-39006

CVE-2026-39006 concerns SNMP4J-Agent 3.8.3 where a remote attacker can execute arbitrary code via the snmp4jCfgStoragePath component. Documented impact is critical (CVSS v3.1: 9.8) with network discovery and no user interaction required; exploitation status is not provided in the supplied sources...

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

PT-2026-49218

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp...

PT-2026-49220

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest admin.php with malicious action values to include files from the admin directory a...