PT-2026-49479

Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...

PT-2026-49445

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

PT-2026-49444

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

PT-2026-49488

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

PT-2026-49547

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

PT-2026-49398

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

PT-2026-49518

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...

PT-2026-49449

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVE-2026-38062

Summary: CVE-2026-38062 affects Tenda 5G03 (V05.03.02.04, Version 1.0). The issue is a command injection in the function action_set_rat_mode via the ratMode parameter. Multiple trusted sources (NVD, EUVD, CVE lists, vuln enrichment) describe this vulnerability with the same root cause. The CVSS v...

PT-2026-49407

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49356

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

PT-2026-49521

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

CVE-2026-39118

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

PT-2026-49442

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

PT-2026-49516

Name of the Vulnerable Software and Affected Versions Dokan versions prior to 5.0.3 Description A privilege escalation issue exists that allows a user with customer privileges to gain higher access levels. Recommendations Update to a version later than 5.0.2...