CVE-2026-46331

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...

CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

BIT-PARSE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48907link is external Widget Factory Joomla Content Editor Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for...

HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

CVE-2026-52714

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

CVE-2026-54190

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

CVE-2026-40809

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

CVE-2026-39490

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

CVE-2025-68045

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

EUVD-2026-37058

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

CVE-2026-40809 WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

CVE-2026-40809

CVE-2026-40809 concerns the WordPress Metro Magazine theme (versions

EUVD-2026-37052

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

CVE-2026-54190

CVE-2026-54190 : Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5 . The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...

CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

EUVD-2026-37050

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...