CVE-2026-12602

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...

EUVD-2025-210251

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

CVE-2026-49113

Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...

CVE-2026-39582

Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...

CVE-2026-34894

Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...

DEBIAN-CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2025-69161

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

CVE-2026-49107

CVE-2026-49107 concerns unauthenticated PHP Object Injection in the WordPress Thrive Apprentice plugin for versions below 10.8.10.2. The vulnerability is described as an unauthenticated PHP Object Injection, affecting Thrive Apprentice, with a CVSS v3.1 base score of 9.8 (CRITICAL) and an attack ...

CVE-2026-49084

JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...

CVE-2026-34895

The CVE covers WordPress Softlab Core plugin, versions prior to 1.2.11, affected by an unauthenticated Local File Inclusion. The root cause is an LFI flaw in Softlab Core

CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

EUVD-2026-36954

Subscriber Broken Access Control in Motors 1.4.107 versions...

CVE-2026-42662

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-40793

CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg &lt; 4.4.1. The connected documents corroborate that the vulnerabil...

CVE-2026-39515

The WordPress Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors

EUVD-2026-36718

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3. A patched version of the package is available...

CVE-2026-10846 affecting package ldns for versions less than 1.8.3-3

CVE-2026-10846 affecting package ldns for versions less than 1.8.3-3. A patched version of the package is available...