PT-2026-49963
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
PT-2026-50086
Name of the Vulnerable Software and Affected Versions: ACPT Pro - Custom Post Types Plugin for WordPress versions prior to 2.0.48. Description: Improper Control of Generation of Code allows for Remote Code Inclusion and unauthenticated Remote Code Execution (RCE). This issue enables an attacker to...
PT-2026-49964
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-50082
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions...
PT-2026-49960
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
CVE-2026-11832
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...
EUVD-2026-36988
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions...
EUVD-2026-36989
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions...
EUVD-2026-36975
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...
EUVD-2026-36930
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions...
EUVD-2026-36950
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions...
EUVD-2026-36921
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions...
EUVD-2026-36922
Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions...
EUVD-2026-36919
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions...
EUVD-2026-36926
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions...
EUVD-2026-36799
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes...
EUVD-2026-36767
An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...
EUVD-2026-36794
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...
CVE-2026-11832
CVE-2026-11832 affects Dancer2::Plugin::Auth::OAuth for Perl, specifically versions before 0.22. The root cause is a predictable nonce: the default nonce is generated using an MD5 hash of the epoch time, enabling potential predictability in authentication flows. The available documents do not pro...