WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...

WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary User Meta Exposure vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Meta Field Block versions = 1.5.1...

EUVD-2026-32007

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

CVE-2026-44966 Velocity.js: Prototype Pollution in #set path assignment

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

CVE-2026-44966 Velocity.js: Prototype Pollution in #set path assignment

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

CVE-2026-42335

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

CVE-2026-44843

LangChain CVE-2026-44843 affects LangChain-core runtimes prior to 0.3.85 and 1.3.3, which use older code paths with broad object allowlists that can revive trusted LangChain-serializable objects via load()/loads() calls. This may let attacker-controlled serialized constructor dictionaries instant...

CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

WordPress Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by NumeX in WordPress Plugin Yoast SEO versions = 26.5...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

JLSEC-2026-527

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Summary: CVE-2026-45247 affects Mirasvit Full Page Cache Warmer for Magento 2 (pre‑1.11.12). The vulnerability arises from an unsafe PHP deserialization: a crafted serialized object placed in the CacheWarmer cookie is passed to PHP’s unserialize() without class restrictions, enabling unauthentica...

EUVD-2026-31837

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability

WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme = 3.1.3 - PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Entrepreneur - Booking for Small Businesses WordPress Theme versions = 3.1.3...

WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plumbing versions = 1.6...