WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

CVE-2025-48977

creationtimestamp| type| source ---|---|--- 2026-05-28 09:17:24+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mmvot54h5h2m 2026-05-28 12:14:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvypbrv6o2q...

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

CVE-2026-9803

creationtimestamp| type| source ---|---|--- 2026-05-28 07:53:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvk5sxddj2t...

CVE-2026-9673

creationtimestamp| type| source ---|---|--- 2026-05-28 07:43:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvjlvvqlf2q...

CVE-2026-9796

creationtimestamp| type| source ---|---|--- 2026-05-28 07:24:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvijedyoo2q...

CVE-2026-9798

creationtimestamp| type| source ---|---|--- 2026-05-28 07:17:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvi4od46s2h...

CVE-2026-9795

creationtimestamp| type| source ---|---|--- 2026-05-28 07:14:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvhxby6g72v...

CVE-2026-9644

creationtimestamp| type| source ---|---|--- 2026-05-28 07:11:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvhsficy22n 2026-05-29 01:24:13+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mmxetw7lxy2i...

CVE-2026-9801

creationtimestamp| type| source ---|---|--- 2026-05-28 07:06:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvhjrk23y2v...

CVE-2026-9794

creationtimestamp| type| source ---|---|--- 2026-05-28 07:04:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvhfwk2vu2e...

CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

CVE-2026-6824

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-05 2026-05-29 19:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz7upfzmm27 2026-05-29 20:27:22+00:00| seen|...

SUSE CVE-2026-45915

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

SUSE CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...