EUVD-2026-34191

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...

PT-2026-46111

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links...

PT-2026-46129

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVE-2025-15656

CVE-2025-15656 is an Incorrect Privilege Assignment vulnerability affecting the WordPress School Management plugin (the CVE entry and related records list affected scope as WordPress School Management up to version 93.2.0). The underlying issue is privilege escalation via improper privilege assig...

CVE-2025-15655

The CVE-2025-15655 entry pertains to a SQL Injection in the WordPress School Management plugin (

CVE-2025-15655 WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654

CVE-2025-15654 describes a Reflected XSS in the Fox-themes Prague WordPress plugin (≤ 2.2.8). The root cause is improper neutralization of input during web page generation. Affected software is the Prague plugin, with vulnerable versions listed as up to 2.2.8; the issue is classified with CVSS 3....

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...