412 matches found
WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Child Theme Wizard versions <= 1.4...
EUVD-2026-35091
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing...
UBUNTU-CVE-2026-54516
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on the setter to be renamed...
EUVD-2026-38590
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on the setter to be renamed...
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46068 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46068 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
PT-2026-50801
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.1.4. Description: Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...
EUVD-2025-210253
Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...
EUVD-2026-37592
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-48869
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
CVE-2026-40723
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-35265
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successfu...
CVE-2025-69122
CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...
CVE-2026-39574
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
PT-2026-50113
Unauthenticated PHP Object Injection in Roisin = 1.4 versions...
PT-2026-50081
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions...
PT-2026-49510
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
CVE-2026-46540
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...
CVE-2026-10553
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...
CVE-2026-46541
CVE-2026-46541 (Nimiq network-libp2p): Before 1.4.0, DHT handling in handle_dht_get() sometimes did not initialize the DhtResults accumulator if the first DHT record failed verification. This caused all subsequent valid records to be discarded with “DHT inconsistent state” errors, enabling potent...