CVE-2026-27329 WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

CVE-2026-27329

The CVE concerns WordPress YITH WooCommerce Wishlist plugin (versions

WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by PPzzAArr in WordPress Plugin YITH WooCommerce Wishlist versions = 4.12.0...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 bsc1262230: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. CVE-2026-6747: Use-after-free in the WebRTC component. CVE-2026-6748: Uninitialized memory in the...

SUSE-SU-2026:1741-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 bsc1262230: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized memory in the...

CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

CVE-2026-41586

CVE-2026-41586 affects Hyperledger Fabric’s deprecated fabric-sdk-java (Channel.java) where readObject() is invoked on untrusted bytes without an ObjectInputFilter, enabling Java deserialization RCE. Exploitation requires crafted serialized Channel data processed by deSerializeChannel(), with hig...

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An attacker can supply...

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

GHSA-MPF8-4HX2-7CJG vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

Summary A sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then callback preserves host identity. This...

vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

Summary A sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then callback preserves host identity. This...

CVE-2026-41201

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

UBUNTU-CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

Summary vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet and otherReflectDefineProperty, which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate...

NPM: vm2 Access to Host Object Enables Sandbox Escape

NPM: vm2 Access to Host Object Enables Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

GHSA-47X8-96VW-5WG6 vm2 Access to Host Object Enables Sandbox Escape

Summary It is possible to obtain the host Object, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete. Details There are various ways to use the host Object, to escape the sandbox, one example would be usi...

vm2 Access to Host Object Enables Sandbox Escape

Summary It is possible to obtain the host Object, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete. Details There are various ways to use the host Object, to escape the sandbox, one example would be usi...

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

SUSE CVE-2026-43106

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below changed cachefilesburyobject to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry which tak...