PT-2026-49445

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49444

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

PT-2026-49547

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

PT-2026-49398

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

PT-2026-49449

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVE-2026-38062

Summary: CVE-2026-38062 affects Tenda 5G03 (V05.03.02.04, Version 1.0). The issue is a command injection in the function action_set_rat_mode via the ratMode parameter. Multiple trusted sources (NVD, EUVD, CVE lists, vuln enrichment) describe this vulnerability with the same root cause. The CVSS v...

PT-2026-49407

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

PT-2026-49356

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

CVE-2026-39118

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

PT-2026-49442

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

PT-2026-49516

Name of the Vulnerable Software and Affected Versions Dokan versions prior to 5.0.3 Description A privilege escalation issue exists that allows a user with customer privileges to gain higher access levels. Recommendations Update to a version later than 5.0.2...

PT-2026-49488

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

PT-2026-49378

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

PT-2026-49467

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

PT-2026-49477

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...

PT-2026-49344

Name of the Vulnerable Software and Affected Versions FV Flowplayer Video Player versions prior to 7.5.51.7212 Description Cross Site Scripting XSS is possible for users with the Subscriber role. This issue allows an attacker to inject malicious scripts into web pages viewed by other users...