5213 matches found

Vulnrichment
added 2026/05/22 3:1 p.m. | 4 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6 | EPSS 0.00249
Exploits 0 | References 4
Patchstack
added 2026/05/22 6:46 a.m. | 5 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by sorawautsukushiii in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.5...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2026/05/22 4:29 a.m. | 42 views

CVE-2026-9018 Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

CVSS 8.8 | EPSS 0.00541
Exploits 1 | References 5
EUVD
added 2026/05/22 4:29 a.m. | 8 views

EUVD-2026-31410

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits 1 | References 5
ATTACKERKB
added 2026/05/22 4:29 a.m. | 5 views

CVE-2026-9018

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits 1 | References 6
Vulnrichment
added 2026/05/22 4:29 a.m. | 7 views

CVE-2026-9018 Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits 1 | References 5
OSV
added 2026/05/22 2:46 a.m. | 3 views

GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 | AI score 6 | EPSS 0.00249
Exploits 0 | References 3
Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions: Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6. Description: An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00541
Exploits 1 | References 9
CNNVD
added 2026/05/22 12:0 a.m. | 6 views

9front security vulnerability

9front is an open-source, Unix-like distributed operating system based on Plan 9. 9front has a security vulnerability, which stems from respecting the default values provided by the website for HTML file upload forms. This vulnerability could allow attackers to create websites with malicious...

CVSS 8.2 | AI score 5.8 | EPSS 0.00276
Exploits 0 | References 1
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

WordPress plugin Easy Elements for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits 1 | References 5
Patchstack
added 2026/05/21 7:21 a.m. | 4 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.4...

CVSS 9.8 | AI score 5.8 | EPSS 0.00494
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/05/21 12:0 a.m. | 7 views

PT-2026-42444

Name of the Vulnerable Software and Affected Versions: MediaArea MediaInfoLib, affected versions not specified. Description: A heap-based buffer overflow occurs during the parsing of LXF elements. A heap-based buffer overflow is a memory corruption issue that happens when an application writes more...

CVSS 7.8 | AI score 6.3 | EPSS 0.00144
Exploits 1 | References 7
Positive Technologies
added 2026/05/21 12:0 a.m. | 7 views

PT-2026-42695

Name of the Vulnerable Software and Affected Versions: Plonky3 versions prior to 0.4.3; Plonky3 versions prior to 0.5.3. Description: An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...

CVSS 8.9 | AI score 5.4 | EPSS 0.00108
Exploits 0 | References 3
CNNVD
added 2026/05/21 12:0 a.m. | 7 views

MediaArea MediaInfo security vulnerability

MediaArea MediaInfo is an application developed by MediaArea Corporation that displays technical information related to video and audio files. MediaArea MediaInfo has a security vulnerability, which stems from a heap buffer overflow issue during the parsing of LXF elements...

CVSS 7.8 | AI score 6 | EPSS 0.00144
Exploits 1 | References 1
EUVD
added 2026/05/20 6:20 p.m. | 8 views

EUVD-2026-31153

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.33665
Exploits 12 | References 1
ATTACKERKB
added 2026/05/20 6:20 p.m. | 7 views

CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.33665
Exploits 12 | References 2 | Affected Software 1
OSSF Malicious Packages
added 2026/05/20 6:16 a.m. | 10 views

Malicious code in @riskine-frontend/design-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/[email protected] is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...

AI score 5.9
Exploits 0 | References 1
OSV
added 2026/05/20 6:16 a.m. | 4 views

MAL-2026-4425 Malicious code in @riskine-frontend/design-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/[email protected] is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...

AI score 5.9
Exploits 0 | References 1
AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: An integer overflow has been fixed in aie2queryctxstatusarray. The unpublished smatch static checker reported a warning. In drivers/accel/amdxdna/aie2pci.c, line 904 of aie2queryctxstatusarray: warn: Potential...

AI score 5.8 | EPSS 0.00152
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – fixed a potential leak in rtw89.AppendProbeReqie. Replace goto out with kfreeskbnew to prevent potential leaks...

CVSS 5.5 | AI score 5.3 | EPSS 0.0014
Exploits 0 | References 2