CVE-2026-24781

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

WordPress Visualizer Plugin <= 3.10.15 is vulnerable to SQL Injection

Software Visualizer Type Plugin Vulnerable versions = 3.10.15 Fixed in 3.11.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-3750 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6418115de830 Credits Krzysztof Zając Required privilege Subscriber...

WordPress FunnelKit Checkout Plugin <= 3.10.3 is vulnerable to Settings Change

Software FunnelKit Checkout Type Plugin Vulnerable versions = 3.10.3 Fixed in 3.11.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2023-51671 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f63332e6c6a9 Credits Dave Jong Patchstack Required...