CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

openldap: slapd crash on NOOP control operation on entry in bdb storage

The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service crash via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability...