CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

CVE-2026-9673

CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

Unity Linux 20.1060e / 20.1070e Security Update: qt5-qtbase (UTSA-2026-017636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017636 advisory. An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

PT-2026-33076

Name of the Vulnerable Software and Affected Versions Userpro versions prior to 5.1.11 Description A Cross-Site Request Forgery CSRF flaw in DeluxeThemes Userpro allows an attacker to induce a user to perform actions they did not intend to. CSRF is a technique where a malicious site tricks a user...

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

EUVD-2026-20309

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

CVE-2026-39647

CVE-2026-39647 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin “MP3 Audio Player for Music, Radio & Podcast by Sonaar”, affected through version 5.11. The connected records confirm the issue is SSRF and affect the plugin with versions up to 5.11. No remediation details are ...

PT-2026-31211

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

Updated python-ujson packages fix security vulnerabilities

CVE-2026-32874 ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent which leads to a buffer overflow or infinite loop...