CVE-2026-9320

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

ROOT-OS-UBUNTU-2404-CVE-2025-68188 CVE-2025-68188 in rootio-linux - Patched by Root

Root has patched CVE-2025-68188 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

EUVD-2026-37653

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

CVE-2025-69120

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

CVE-2026-39568

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

CVE-2025-69131

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

EUVD-2026-37699

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

CVE-2026-40721 WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

CVE-2026-39548 WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...

CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

CVE-2026-42089

The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

PT-2026-50100

Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...

PT-2026-50080

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...