
411 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007031)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007031 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm(). Lei Lu recently reported that...

7.8 CVSS | 5.6 AI score | 0.00163 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/04/20 6:31 a.m., 4 views

CVE-2026-33516

A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. A remote, unauthenticated attacker can exploit an out-of-bounds read vulnerability by sending a specially crafted Confirm Active PDU during the RDP capability exchange. This issue occurs when memory is accessed without...

9.1 CVSS | 5.9 AI score | 0.00427 EPSS
Exploits 0 | References 2
Packet Storm
added 2026/04/13 12:0 a.m., 86 views

ChurchCRM SQL Injection

ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php. CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php Overview | Field | Details | |---|---| | CVE ID | CVE-2025-68400 | | Severity | CRITICAL |...

9.3 CVSS | 5.9 AI score | 0.00323 EPSS
Exploits 3
Cvelist
added 2026/04/09 9:15 p.m., 18 views

CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7 CVSS | 0.00152 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/04/09 7:23 p.m., 2 views

CVE-2026-39341

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

8.1 CVSS | 5.9 AI score | 0.0028 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2026/04/08 12:0 a.m., 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006703 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm(). Lei Lu recently reported that...

7.8 CVSS | 5.7 AI score | 0.00163 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/07 6:1 p.m., 5 views

EUVD-2026-19843

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

8.1 CVSS | 5.9 AI score | 0.0028 EPSS
Exploits 1 | References 1
Packet Storm News
added 2026/04/02 12:0 a.m., 1 views

Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud

Imagine receiving a video call from your CFO, surrounded by colleagues, asking you to urgently authorise a confidential transfer. You comply. Every person on that call was fake, and you just lost $25 million. This is not a hypothetical. It happened in Hong Kong in January 2024, and it is becoming...

5.9 AI score
Exploits 0
Cvelist
added 2026/03/11 7:36 a.m., 28 views

CVE-2026-3903 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth function. This makes it possible for unauthenticated attacker...

4.3 CVSS | 0.00104 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/11 7:36 a.m., 2 views

CVE-2026-3903 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth function. This makes it possible for unauthenticated attacker...

4.3 CVSS | 5.6 AI score | 0.00104 EPSS
Exploits 0 | References 2
Patchstack
added 2026/03/10 11:15 p.m., 5 views

WordPress Modular Connector plugin <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth vulnerability

Cross-Site Request Forgery via postConfirmOauth vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modular DS versions <= 2.5.1...

4.3 CVSS | 5.8 AI score | 0.00104 EPSS
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/02/12 1:43 p.m., 2 views

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits 0 | References 1
NVD
added 2026/02/11 9:15 a.m., 7 views

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3 CVSS | 0.00285 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/02/11 8:26 a.m., 4 views

CVE-2026-1833 WaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits 0 | References 5
CVE
added 2026/02/11 8:26 a.m., 11 views

CVE-2026-1833

CVE-2026-1833 describes a vulnerability in the WordPress WaMate Confirm – Order Confirmation plugin (versions

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits 0 | References 5
Cvelist
added 2026/02/11 8:26 a.m., 22 views

CVE-2026-1833 WaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3 CVSS | 0.00285 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2026/02/11 8:26 a.m., 5 views

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits 0 | References 6
CNNVD
added 2026/02/11 12:0 a.m., 3 views

WordPress plugin WaMate Confirm – Order Confirmation security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS | 5.8 AI score | 0.00285 EPSS
Exploits 0 | References 6
Patchstack
added 2026/02/10 11:6 p.m., 6 views

WordPress WaMate Confirm plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability discovered by Legion Hunter in WordPress Plugin WaMate Confirm versions <= 2.0.1...

5.3 CVSS | 5.5 AI score | 0.00285 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/01/27 12:0 a.m., 3 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

5.9 AI score | 0.00402 EPSS
Exploits 1 | References 3