PT-2026-47059

We just found and disclosed CVE-2026-10753 in Google's Site Kit, the official Google plugin running on 5M+ WordPress sites. Our team caught a broken access control flaw that slipped past everyone else. One REST API write endpoint checked for view level access when it should have required admin...

CVE-2026-43510

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

CVE-2026-43510 CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

CVE-2026-43510

The CVE concerns the manage.get.gov registrar (CISA) where an organization administrator could assign domain manager privileges for domains not already in another organization. The issue is fixed in version 1.176.0 (on or around 2026-04-30). Affected scope and exact root cause are not detailed be...