EUVD-2026-38905
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hid_post_reset. You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hid_pre_reset and hid_post_reset are in the...
CVE-2026-53946
Ghost (Node.js CMS) is affected in versions 6.19.4–6.21.1. During post re-render, Ghost fetches image dimensions by issuing an outbound HTTP request to the URL stored on an image card, without restricting allowed hosts. An authenticated staff user who can create or edit posts could point an image...
CVE-2026-56121

creationtimestamp | type | source
---|---|---
2026-06-24 17:02:50+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mp2fgb4nax2n
2026-06-24 18:05:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ivxcg222z...

CVE-2025-71354

creationtimestamp | type | source
---|---|---
2026-06-24 13:34:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mozzrnjger2y
2026-06-24 14:28:38+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mp24sjeu6h2r
2026-06-24 17:14:52+00:00 | seen | ...

CVE-2026-4983

creationtimestamp | type | source
---|---|---
2026-06-24 11:40:04+00:00 | seen | https://bsky.app/profile/cybersecinsight.bsky.social/post/3moztf4hs7n2y...

CVE-2026-56052

creationtimestamp | type | source
---|---|---
2026-06-24 11:09:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mozrolt35i2m...

CVE-2026-7761

creationtimestamp | type | source
---|---|---
2026-06-24 08:29:44+00:00 | seen | https://bsky.app/profile/suriq.io/post/3moziqqecbx2r
2026-06-24 13:29:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mozzioqcpk2s...

CVE-2026-8628

creationtimestamp | type | source
---|---|---
2026-06-24 08:16:22+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mozhyueuiw2q...

CVE-2026-12417

creationtimestamp | type | source
---|---|---
2026-06-24 08:03:09+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mozhba5qeo2p
2026-06-24 10:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mozpiorzoj2l
2026-06-24 10:30:38+00:00 | seen | ...

CVE-2026-12416

creationtimestamp | type | source
---|---|---
2026-06-24 08:03:01+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mozhayscl62p
2026-06-24 09:00:33+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116804264395356312
2026-06-24 09:00:35+00:00 | seen | ...

CVE-2026-8688
The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-10749
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...
CVE-2026-12849

creationtimestamp | type | source
---|---|---
2026-06-24 06:28:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mozbycv5rt25...

CVE-2026-10749
CVE-2026-10749 affects the Post Duplicator WordPress plugin (pre-3.0.15). The vulnerability arises from improper handling of custom metadata during post duplication, storing attacker-supplied serialized values without the WordPress meta API double-serialization protection, enabling PHP Object inj...
CVE-2026-10749 Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
EUVD-2026-38694
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
CVE-2026-9620
CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...
EUVD-2026-38685
The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-10092 Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments
The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...