22467 matches found
CVE-2026-42658 WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
EUVD-2026-36823
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
CVE-2026-42658
The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions
CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
EUVD-2026-36819
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
EUVD-2026-36816
Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...
EUVD-2026-36813
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
CVE-2026-39472
The CVE-2026-39472 affects the WordPress WooCommerce PDF Invoices & Packing Slips plugin prior to version 5.9.0, where a PHP Object Injection vulnerability was reported affecting shop manager operations. The root cause is a PHP Object Injection flaw in this plugin version, with CVSS 3.1 base metr...
CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
CVE-2026-25425
CVE-2026-25425 concerns the WordPress plugin User Registration (versions ≤ 5.1.2). The connected sources confirm an Unauthenticated Broken Access Control vulnerability in this plugin, affecting its ability to restrict access to certain functions or data. The CVE entry explicitly lists the issue a...
CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters reports that Anthropic said it will "abruptly disable" its most advanced AI models for all users after the US government ordered it to suspend access...
EUVD-2026-36723
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143
Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...
PT-2026-49479
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
PT-2026-49445
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
PT-2026-49378
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...