61021 matches found
CVE-2026-46734
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...
CVE-2026-47154
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...
CVE-2026-47153
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
CVE-2026-47152
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
CVE-2026-47151
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47150
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
CVE-2026-47149
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
CVE-2026-47148
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-46732
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...
CVE-2026-47147
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...
CVE-2026-47146
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-56050
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-4526
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-41120
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
CVE-2026-2815
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...
CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...
CVE-2026-54829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
CVE-2026-49506
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
CVE-2026-46733
Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2026-54836
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...
CVE-2026-42389
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-54842
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
CVE-2026-56071
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions...
CVE-2026-57429
Contributor Broken Access Control in Slim SEO <= 4.6.2 versions...
CVE-2026-56054
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions...
CVE-2026-56051
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions...
CVE-2026-56053
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions...
CVE-2026-56049
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions...
CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions...
CVE-2026-56042
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions...
CVE-2026-56014
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions...
CVE-2026-56013
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions...
CVE-2026-56006
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions...
CVE-2026-56005
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions...
CVE-2026-54849
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions...
CVE-2026-54845
Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions...
CVE-2026-54844
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions...
CVE-2026-54843
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions...
CVE-2026-54841
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions...
CVE-2026-54838
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions...
CVE-2026-54828
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions...
CVE-2026-54830
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions...
CVE-2026-54823
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions...
CVE-2026-54822
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions...
CVE-2026-54821
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions...
CVE-2026-27366
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions...
CVE-2026-57619
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions...