CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

CVE-2026-34888

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-49056

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...

CVE-2026-42667

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

CVE-2026-40789

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

CVE-2026-52695 WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...

EUVD-2026-36901

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

CVE-2026-34891

CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

PT-2026-49363

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

CVE-2026-34285

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

Oracle HTTP Server 安全漏洞

Oracle HTTP Server is a web server component of Oracle’s Fusion Middleware, developed by Oracle Corporation in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of Oracle HTTP Server contain security vulnerabilities. These vulnerabilities stem from issues with Core components, which may all...

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system developed by Oracle Corporation in the United States. This database management system provides features such as data management and distributed processing. Versions of Oracle Database Server from 23.4.0 to 23.26.1 have security...

Oracle多款产品 安全漏洞

Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is used for developing and deploying Java applications for desktops, servers, embedded devices, and real-time environments. Oracle GraalVM for JDK is a high-performance, multi-language runtime an...