
4 matches found

Cvelist
added 2026/03/23 11:25 p.m., 26 views

CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

CVSS 8.1, EPSS 0.00436
Exploits: 0, References: 6
CVE
added 2026/03/23 11:25 p.m., 10 views

CVE-2026-4021

The CVE-2026-4021 entry documents an authentication bypass in the Contest Gallery WordPress plugin up through version 28.1.5. The root cause is a mismatch in the email-to-user-ID flow: users-registry-check-after-email-or-pin-confirmation.php uses the email string in a WHERE ID = %s clause instead...

CVSS 8.1, AI score 5.7, EPSS 0.00436
Exploits: 0, References: 6
Hacker One
added 2017/05/18 6:50 a.m., 28 views

Weblate: Login CSRF : Login Authentication Flaw

Hi Team, Domain: demo.weblate.org In this bug, I have found a way to log any person in to the attacker's account; therefore, when any user logs in to the attacker's account, the attacker can see the victim's activity inside the attacker's account, such as sensitive information. The issue relies on registration...

AI score 1.4
Exploits: 0
The Hacker News
added 2012/10/30 3:56 p.m., 8 views

Windows website loophole allow anyone to get Windows 8 in just $14.99

Windows 8 launched in 37 languages and 140 worldwide markets, as the tech giant unveiled the new version of its computer operating system. The OS is now available in over 30 certified devices, and a broad selection of local apps are already available in the onboard Windows Store. It is also...

AI score 6.5
Exploits: 0