22574 matches found
CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-25425
CVE-2026-25425 concerns the WordPress plugin User Registration (versions ≤ 5.1.2). The connected sources confirm an Unauthenticated Broken Access Control vulnerability in this plugin, affecting its ability to restrict access to certain functions or data. The CVE entry explicitly lists the issue a...
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters reports that Anthropic said it will "abruptly disable" its most advanced AI models for all users after the US government ordered it to suspend access...
EUVD-2026-36723
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143
Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...
PT-2026-49518
Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...
PT-2026-49521
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
PT-2026-49301
Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...
PT-2026-49445
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
PT-2026-49480
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
PT-2026-49403
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
PT-2026-49424
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
PT-2026-49347
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...
PT-2026-49547
Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...
CVE-2026-38065
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...
PT-2026-49398
Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...
PT-2026-49449
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...