CVE-2026-54066
Technical details for CVE-2026-54066 are not publicly available in the provided documents. No affected products, vulnerable components, or remediation information are disclosed. Monitor for updates.
CVE-2026-55878
Technical details for CVE-2026-55878 are not publicly available in the provided documents. This entry is reserved; monitor for updates as more information becomes available.
CVE-2026-55877
Technical details for CVE-2026-55877 are not publicly available in the provided documents. Monitoring for updates is advised.
CVE-2026-3640
The STRABL WordPress plugin (versions
CVE-2026-6798
The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...
CVE-2026-9822
The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...
CVE-2026-54414
CVE-2026-54414 affects FileRise prior to 3.16.0. The vulnerability is a path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php) that enables arbitrary file write and, under certain conditions, administrator account takeover. Root cause: uploaded filenames are va...
CVE-2026-7515
CVE-2026-7515 affects the BetterDocs Pro WordPress plugin (
CVE-2025-7737
CVE-2025-7737 is a DoS vulnerability in the 10G iSCSI interface of Hitachi Virtual Storage Platform. The connected records enumerate affected families (E990/E1090/E1090H; E390/E590/E790/E390H/E590H/E790H; G130/G150/G350/G370/G700/G900/F350/F370/F700/F900; G100/G200/G400/G600/G800/F400/F600/F800; ...
CVE-2026-12644
The CVE affects ts-deepmerge before version 8.0.0. The vulnerability stems from improper handling of built-in Object.prototype methods (e.g., toString, valueOf) during merging. If user-controlled input supplies these keys with non-function values, the merged object can break and throw a TypeError...
CVE-2026-10720
CVE-2026-10720 affects Canonical MicroCeph versions on squid and tentacle tracks. A path traversal in the remote-import API allows holders of a trusted cluster mTLS certificate or a join token to manipulate files inside the imported remote cluster confined at /var/snap/microceph, potentially caus...
CVE-2026-12430
The CVE-2026-12430 entry concerns the Blocksy Companion WordPress plugin (
CVE-2026-10034
The CVE concerns the WordPress plugin WP DSGVO Tools (GDPR) with versions up to and including 3.1.39. The core issue is improper authorization verification on the subject-access-request (SAR) AJAX endpoints (process_now and is_ajax), enabling unauthenticated attackers to supply a victim email and...
CVE-2026-8118
The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...
CVE-2026-8713
The CVE-2026-8713 vulnerability affects Avada (Fusion) Builder for WordPress up to version 3.15.3, where the maybe_delete_files() path handling allows path traversal to delete files (e.g., wp-config.php) via a form entry value. An unauthenticated attacker can submit a crafted payload through the ...
CVE-2026-11989
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is affected by a Server-Side Request Forgery in versions
CVE-2026-9013
CVE-2026-9013 affects the WordPress Bogo plugin (
CVE-2026-4328
The WordPress Advanced Import plugin (versions ≤ 1.4.6) is vulnerable to Server-Side Request Forgery (SSRF). In demo_download_and_unzip(), the plugin passes the user-supplied demo_file from $_POST through sanitize_text_field() and then invokes wp_remote_get() when demo_file_type is 'url', without...
CVE-2026-12157
CVE-2026-12157 affects the WordPress plugin BetterDocs (Knowledge Base Docs & FAQ Solution for Elementor & Block Editor). Versions up to 4.5.3 are vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. Root cause: CategorySlate...
CVE-2026-7547
CVE-2026-7547 affects the WordPress plugin Woosa – Marktplaats for WooCommerce. Versions up to 2.0.4 are vulnerable to Arbitrary File Read via path traversal in render_logs_ui(), which accepts a base64-encoded log_file name and concatenates it with the log directory without validating the final p...
CVE-2026-1856
Summary: CVE-2026-1856 affects the WordPress plugin “Appointment Booking Calendar” (Creavi Booking Service)
CVE-2026-11752
Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...
CVE-2026-10779
CVE-2026-10779 affects the WordPress Classified Listing plugin (versions
CVE-2026-56132
CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...
CVE-2026-56131
CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The connected documents identify the affe...
CVE-2026-8806
The CVE-2026-8806 entry concerns Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP), with all versions affected. The vulnerability is described as an Expected Behavior Violation that could allow a remote attacker to cause a DoS by flooding the Ethernet port with a hi...
CVE-2026-11775
The CVE-2026-11775 entry affects the WordPress plugin User Admin Simplifier (up to version 3.0.0). It suffers from a Cross-Site Request Forgery due to missing or incorrect nonce validation on the useradminsimplifier_options_page function. This allows unauthenticated attackers to reset and permane...
CVE-2026-8805
CVE-2026-8805 affects the MELSEC iQ-F Series EtherNet/IP module FX5-EIP (versions 1.000 and prior). The bug is an integer overflow/wraparound in the EtherNet/IP function that can be triggered remotely by rapidly opening many TCP connections, causing a DoS through an inconsistency in internal conn...
CVE-2026-53489
Technical details for CVE-2026-53489 are not publicly provided in the supplied documents. No affected product, impact, or remediation is listed. Monitor for updates as additional information becomes available.
CVE-2026-47262
Technical details for CVE-2026-47262 are not publicly available in the provided documents. No affected products, versions, or impact are specified. Monitor for updates.
CVE-2026-53488
Technical details for CVE-2026-53488 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50195
Technical details about CVE-2026-50195 are not publicly available in the provided documents; no affected product, vulnerability type, or remediation is described. Monitor for updates.
CVE-2026-53492
Technical details for CVE-2026-53492 are not publicly provided in the supplied documents; no affected products, impact, or remediation are specified. Monitor for updates.
CVE-2342-2026
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55192
Technical details for CVE-2026-55192 are not publicly available in the provided documents. Monitor for updates as no affected products, impact, or remediation are specified here.
CVE-2025-62821
CVE-2025-62821 affects Microsoft HEIF Image Extensions 1.2.22.0. The issue is an out-of-bounds read caused by CHEIFItemInfoEntry_GetDataSize returning success while reporting data size as 0, leading to a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) without va...
CVE-2026-53657
PT-2026-51023 references CVE-2026-53657 as fixed, but the provided materials do not specify affected product/vendor/component, version, root cause, or exploit details. Public technical details are not present in the connected documents. The only concrete detail is that a fix exists. Monitor for u...
CVE-2026-55191
CVE-2026-55191 has placeholder details in the initial description. Connected documents show that openSUSE Tumbleweed's freerdp package has security fixes in freerdp-3.27.1-1.1, with the GA media containing multiple fixed issues. The exact CVE-to-fix mapping is not provided, and no exploit vectors...
CVE-2026-55648
The connected OSV/PTSecurity entries indicate that the freerdp-3.27.1-1.1 package for openSUSE Tumbleweed fixes security issues on GA media. The initial description provides no public details. Affected component: freerdp (package for GA media); remediation implied is upgrading to freerdp-3.27.1-1...
CVE-2026-55827
Technical details for CVE-2026-55827 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55193
The CVE-2026-55193 entry is currently reserved, with no public details in the initial document. Connected data show concrete fixes in freerdp-3.27.1-1.1 for openSUSE Tumbleweed (GA media): multiple security issues addressed by this package. The OSV entry and PT/security records corroborate that freerd...
CVE-2026-55194
Technical details for CVE-2026-55194 are not publicly available in the provided documents. Monitor for updates; the included records reference freerdp-3.27.1-1.1 fixes but do not disclose CVE specifics.
CVE-2026-51845
The CVE-2026-51845 entry concerns a stack buffer overflow in Tenda AC7 firmware (v15.03.06.44) specifically in the /goform/AdvSetMacMtuWan interface via the mac parameter. The connected documents provide concrete details of the affected product and the vulnerable component, but do not specify a p...
CVE-2026-51846
CVE-2026-51846 affects Tenda AC7 v15.03.06.44. The vulnerability is a stack buffer overflow in the WAN speed parameter (wanSpeed) of the /goform/AdvSetMacMtuWan route, leading to remote arbitrary code execution. Affected component is the WAN configuration endpoint; root cause is improper handling...
CVE-2026-51844
CVE-2026-51844 affects the Tenda AC7 device running v15.03.06.44. The vulnerability is a stack buffer overflow in the /goform/AdvSetMacMtuWan interface triggered via the cloneType parameter. The impact is described as high/critical, with potential for remote execution or denial of service within ...
CVE-2026-51843
The vulnerability CVE-2026-51843 affects Tenda AC7 devices running v15.03.06.44. Description: a stack buffer overflow in the /goform/AdvSetMacMtuWan interface reachable via the wanMTU parameter. Affected component/function: the wanMTU path of the AdvSetMacMtuWan interface. Root cause: stack-based...
CVE-2026-40624
CVE-2026-40624 affects AVer PTC cameras: PTC500S, PTC115, PTC500+, and PTC115+. The advisory states that improper input validation in these devices may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. The CVSS metrics indicate a CRI...
CVE-2026-50034
The CVE-2026-50034 entry concerns Apollo Pharmacy’s APG-01 BT Blood Glucose Monitoring System. Affected component: the device’s BLE wireless channel, where the root cause is cleartext transmission of sensitive health data. An attacker inside BLE range can passively eavesdrop traffic, potentially ...
CVE-2026-52866
The CVE-2026-52866 entry concerns the Apollo Pharmacy Blood Glucose Monitoring System APG-01 with BT lacking authorization in BLE. The connected docs provide concrete details: an attacker in BLE range can monopolize the device’s only available BLE connection slot, blocking legitimate users/applic...
CVE-2026-12049
CVE-2026-12049 affects pgAdmin 4. An open redirect vulnerability exists in the MFA flow where the next parameter is not validated against the current origin, allowing an authenticated user to be redirected to an attacker-controlled host via /mfa/validate?next=… This is a trusted-domain redirect r...