CVE-2026-1937

CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...

GHSA-W54X-R83C-X79Q Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode

Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...