CVE-2026-56013

The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...

EUVD-2026-39376

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/loginprocess 'username' parameter via GET, whereby no authentication is required. id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor severity: medi...

CVE-2026-55762

Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

CVE-2026-48089 DevGuard has improper authorization on public assets

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress (versions up to and including 3.7.5) contains a Sensitive Information Exposure flaw in editor_assets_variables. Authenticated attackers with contributor-level access can extract license key, license owner email, a...

CVE-2026-11357 Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

EUVD-2026-37843

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

VulnAnalyzer

🔍 VulnAnalyzer 2.1 A comprehensive automated vulnerability...

EUVD-2026-32590

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign...

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...

WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability

Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...

Enhanced License Plate Tracking

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...

CVE-2025-62851

A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License...