WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Realtyna Organic IDX plugin versions = 5.1.0...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability

Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification vulnerability

Missing Authorization to Authenticated Contributor+ Limited Page Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin User Registration versions = 5.1.4...

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-42652 WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through = 5.1.5...

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...

CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting

The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...

CVE-2026-3124

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary...

CVE-2025-25277

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

CVE-2026-25361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through = 5.1.4...

OpenHarmony 缓冲区错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony prior to v5.1.0 contained a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which could allow local attackers to execute...

CVE-2026-32356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through = 5.1.2...

CVE-2026-32356 WordPress Robo Gallery plugin <= 5.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through = 5.1.2...

PT-2026-25203

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through = 5.1.2...

CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...