CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

CVE-2026-49938

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

CVE-2026-34077

React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from incorrect sleep behavior when holding spin locks, which may lead to kernel panic ...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from potential null pointer dereferencing during the processing of AppArmor notifications...

Exploit for CVE-2026-4885

CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...

CVE-2026-3829 WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

CVE-2026-44547

CVE-2026-44547 affects ChurchCRM 7.2.0–7.2.2, where an incomplete fix for CVE-2026-4058 left the public login path exploitable. The hardening commit was merged but silently stripped from src/api/routes/public/public-user.php before any 7.2.x tag was cut, so all 7.2.x releases remain vulnerable. T...

GROWI 路径遍历漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.5.0 and earlier have a path traversal vulnerability. This vulnerability allows attackers to execute arbitrary EJS templates on the server...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44197 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44197 Source advisory: SNYK:PYTHON-WAGTAIL-16624541...