CVE-2026-47646
Technical details for CVE-2026-47646 are not publicly available in the provided documents. Monitor for updates; no affected products, vectors, or impact are specified.
CVE-2026-12527
CVE-2026-12527 affects Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803. Root cause: broken authorization boundary in the RTSP media delivery pipeline. This enables unauthenticated network actors to bypass the device’s credential-enforced live-view w...
CVE-2026-55669
CVE-2026-55669 (connected to GHSA-g5h5-m4hm-xjrr): ZITADEL’s external JWT Identity Provider (IdP) implementation fails to validate the audience (aud) claim when verifying tokens from a trusted issuer. The system still validates the token signature and issuer, enabling an attacker with a valid to...
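The missing check, shown as an added Go example that is not ZITADEL's code: the first function does only what the flawed path did (signature and issuer), the second adds the audience requirement. HS256 with a constructed shared secret stands in for the IdP's real signing key, and the issuer URL, audience name and claim values are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// claims holds the registered claims the check needs. aud may be a string or an
// array of strings (RFC 7519 section 4.1.3), so it is kept raw and normalised later.
type claims struct {
	Iss string          `json:"iss"`
	Sub string          `json:"sub"`
	Aud json.RawMessage `json:"aud"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// sign mints an HS256 token. Constructed helper standing in for the trusted IdP;
// a real IdP would use its own (normally asymmetric) signing key.
func sign(secret []byte, c map[string]any) string {
	payload, _ := json.Marshal(c)
	input := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + b64(mac.Sum(nil))
}

// parseAndCheckSignature does what the flawed path did: verify the signature
// (pinned to HS256 here) and the issuer, and nothing about the audience.
func parseAndCheckSignature(token string, secret []byte, issuer string) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdr, &h); err != nil || h.Alg != "HS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer {
		return nil, errors.New("unexpected issuer")
	}
	return &c, nil
}

// requireAudience is the missing step: the token must name this relying party.
// A token the same issuer minted for some other client must not be accepted.
func requireAudience(c *claims, expected string) error {
	var auds []string
	var single string
	if len(c.Aud) == 0 {
		return errors.New("aud claim missing")
	}
	if json.Unmarshal(c.Aud, &single) == nil {
		auds = []string{single}
	} else if json.Unmarshal(c.Aud, &auds) != nil {
		return errors.New("aud claim malformed")
	}
	for _, a := range auds {
		if a == expected {
			return nil
		}
	}
	return fmt.Errorf("token audience %s does not include %q", c.Aud, expected)
}

func main() {
	secret := []byte("constructed-shared-secret")
	issuer := "https://idp.example"
	// Legitimately issued by the trusted IdP, but for a different client.
	foreign := sign(secret, map[string]any{"iss": issuer, "sub": "alice", "aud": "other-app"})
	c, err := parseAndCheckSignature(foreign, secret, issuer)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature+issuer passed for sub:", c.Sub)
	fmt.Println("audience check:", requireAudience(c, "zitadel"))
}
```

The first function returning a claims value for the "other-app" token is exactly the accepted-but-wrong state the advisory describes; the audience check is what turns it into a rejection.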
CVE-2026-55672
CVE-2026-55672 is not detailed in the initial description, but the connected advisory GHSA-XQXV-4JC2-X56X (ZITADEL) documents a flaw in Zitadel’s OAuth2/OIDC CodeExchange and RefreshToken flows: missing client binding validation allows an attacker to exchange authorization codes or use refresh to...
CVE-2026-12539
Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....
CVE-2026-54843
CVE-2026-54843 is not expanded in the initial document; connected data shows a concrete issue: WordPress MDTF plugin, versions ≤ 1.3.7, suffers a SQL Injection vulnerability. The vulnerability was identified in the MDTF WordPress plugin (≤1.3.7) according to PatchStack, with Roll credited for dis...
CVE-2026-12039
Docker Sandboxes (sbx) expose a DNS resolution bypass: the per-network embedded DNS server forwards queries to the host resolver when the network is internet-connected, ignoring the HTTP/S egress allowlist. This enables a workload treated as untrusted to encode data in DNS labels for an attacker-...
CVE-2026-42488
CVE-2026-42488 concerns the Xen hypervisor. Some shadow paging error paths can switch page-tables without updating the running vCPU reference, causing a mismatch between loaded page-tables and mapcache metadata and potentially leading to mapcache corruption. Affected products/versions are implied...
CVE-2026-42490
CVE-2026-42490: The supplied documents describe a vulnerability in Xen domctl lock handling. When XSM/Flask is in use, certain domctl operations acquire the system-wide lock before performing permission checks, meaning lock acquisition may occur ahead of authorization. The root cause is a non-fa...
CVE-2026-42489
CVE-2026-42489 / 42490 (Xen): The Xen domctl mechanism used to create/manage guests relies on a system-wide lock whose acquisition lacks fairness. In environments using XSM/Flask, some operations may acquire this lock before permission checks, creating a potential abuse window. Documents do not ...
CVE-2026-42487
CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...
CVE-2026-54842
CVE-2026-54842 is linked to a Broken Access Control vulnerability in the WordPress plugin Royal MCP (versions ≤ 1.4.25). The issue was discovered by damdham. The connected document does not provide specifics on affected endpoints, root cause mechanisms, exploitability, impact scope, or remediati...
CVE-2026-54841
WordPress Vitepos plugin
CVE-2026-55806
CVE-2026-55806 is a reserved candidate with no public details in the Initial Description; however, connected documents provide concrete information about related vulnerabilities in Drupal core. The OSV entry DRUPAL-CORE-2026-007 describes Drupal core’s rebuild.php front controller, which does not...
CVE-2026-55808
Technical details for CVE-2026-55808 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55807
Technical details for CVE-2026-55807 are not publicly available in the provided documents. The Initial Description indicates a reserved placeholder; monitor for updates as more information is released.
CVE-2026-55804
CVE-2026-55804: The connected OSV entry (DRUPAL-CORE-2026-006) describes a vulnerability in Drupal core involving an insecure deserialization gadget chain. The issue is that a chain of methods could be exploitable if an application deserializes untrusted data due to another vulnerability, potent...
CVE-2026-55803
Technical details for CVE-2026-55803 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-54840
WordPress Newsletters plugin version
CVE-2026-55670
CVE-2026-55670 is linked to a GitHub Advisory (GHSA-6X8V-2FQ5-2229) describing a cross-tenant user leakage in ZITADEL due to reused identifiers. The issue allows a recreated user in Org B to be provisioned with lingering mappings from Org A, caused by incomplete history clearing in the event stor...
CVE-2026-55661
The connected advisory documents a concrete vulnerability: TinaCMS rich-text parsing and the default link/image renderers fail to sanitize the url field on Slate nodes, allowing stored XSS via javascript: or data: URLs. Impact is stored XSS against editors and viewers when content is authored or ...
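An allowlist check for the url field, written here as an added Go example rather than TinaCMS's own (JavaScript) renderer code; the input strings are constructed. It shows why a plain string comparison against "javascript:" is not enough: the value has to be normalised the way browsers normalise it before the scheme is read, and the decision has to be an allowlist of schemes rather than a denylist of bad ones.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"unicode"
)

// allowedSchemes is the allowlist for href/src values. Anything not listed
// (javascript:, data:, vbscript:, ...) is refused.
var allowedSchemes = map[string]bool{"http": true, "https": true, "mailto": true}

// safeURL returns the URL to emit and true, or "" and false if it must be dropped.
// It mirrors the WHATWG URL parser's pre-processing so that tricks browsers
// tolerate (leading control characters, embedded tab/newline) cannot slip past.
func safeURL(raw string) (string, bool) {
	// Browsers strip leading and trailing C0 controls and spaces before parsing.
	s := strings.TrimFunc(raw, func(r rune) bool { return r <= ' ' || unicode.IsControl(r) })
	// ... and remove tab, LF and CR anywhere, so "java\tscript:" parses as javascript:.
	s = strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return -1
		}
		return r
	}, s)
	u, err := url.Parse(s)
	if err != nil {
		return "", false
	}
	// Scheme-less values are relative links (including protocol-relative //host/...),
	// which cannot execute script; everything else must be on the allowlist.
	if u.Scheme != "" && !allowedSchemes[strings.ToLower(u.Scheme)] {
		return "", false
	}
	return s, true
}

func main() {
	// Constructed inputs: ordinary links followed by the usual evasions.
	for _, in := range []string{
		"https://example.com/docs",
		"/relative/page",
		"mailto:editor@example.com",
		"javascript:alert(document.cookie)",
		"JavaScript:alert(1)",
		" javascript:alert(1)",
		"java\tscript:alert(1)",
		"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
	} {
		out, ok := safeURL(in)
		fmt.Printf("%-62q -> ok=%-5v %q\n", in, ok, out)
	}
}
```

The check operates on the decoded attribute value; if the renderer emits HTML entities itself, run it before encoding so that forms like `javascript&colon;` are seen as the colon they become.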
CVE-2026-55617
CVE-2026-55617 is not referenced in the initial description; however, a connected advisory describes a concrete issue in Hydro: insufficient session expiration when recreating sessions. When a session is recreated, Hydro creates a new session token but does not delete the previous server-side tok...
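The difference between a leaky and a proper session recreation, as an added Go example with an in-memory store. Hydro's actual storage backend and API are not described on the page, so the store, the TTL and the function names here are assumptions, not Hydro's code.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

type session struct {
	UserID    string
	ExpiresAt time.Time
}

// store is a server-side session table keyed by the opaque token the client presents.
type store struct {
	mu       sync.Mutex
	ttl      time.Duration
	sessions map[string]session
}

func newStore(ttl time.Duration) *store {
	return &store{ttl: ttl, sessions: map[string]session{}}
}

func newToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func (s *store) create(userID string, now time.Time) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	tok := newToken()
	s.sessions[tok] = session{UserID: userID, ExpiresAt: now.Add(s.ttl)}
	return tok
}

// lookup resolves a token to its user, treating unknown and expired tokens alike.
func (s *store) lookup(token string, now time.Time) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[token]
	if !ok || !now.Before(sess.ExpiresAt) {
		return "", false
	}
	return sess.UserID, true
}

// recreateLeaky reproduces the flaw: a new token is issued, but the previous
// server-side record is left behind, so both tokens keep working until the old
// one ages out.
func (s *store) recreateLeaky(old string, now time.Time) (string, error) {
	user, ok := s.lookup(old, now)
	if !ok {
		return "", errors.New("no such session")
	}
	return s.create(user, now), nil
}

// recreate is the fixed form: the old record is deleted in the same critical
// section that inserts the new one, so there is no window in which both are valid.
func (s *store) recreate(old string, now time.Time) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[old]
	delete(s.sessions, old) // gone whether or not it was still valid
	if !ok || !now.Before(sess.ExpiresAt) {
		return "", errors.New("no such session")
	}
	tok := newToken()
	s.sessions[tok] = session{UserID: sess.UserID, ExpiresAt: now.Add(s.ttl)}
	return tok, nil
}

func main() {
	st := newStore(30 * time.Minute)
	now := time.Now()
	old := st.create("alice", now)
	leaked, _ := st.recreateLeaky(old, now)
	_, oldStillValid := st.lookup(old, now)
	fmt.Println("after leaky recreate, previous token still valid:", oldStillValid)
	fresh, _ := st.recreate(leaked, now)
	_, leakedStillValid := st.lookup(leaked, now)
	user, _ := st.lookup(fresh, now)
	fmt.Println("after fixed recreate, previous token still valid:", leakedStillValid, "new token bound to:", user)
}
```

Passing `now` explicitly keeps expiry deterministic for testing; a production store would also want the same delete-then-insert discipline on logout and on privilege change, which is where the same leftover-token bug usually reappears.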
CVE-2026-54839
CVE-2026-54839 is linked to a WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups vulnerability affecting versions ≤ 2.0.9, described as a Sensitive Data Exposure. The connected PatchStack entry confirms the product and issue but does not provide detailed root cause, ex...
CVE-2026-55254
CVE-2026-55254 is linked to the GHSA advisory for NCalc: a DoS vulnerability in the factorial operator can occur with untrusted expressions due to unbounded/non-terminating factorial evaluation, causing excessive CPU usage or non-terminating loops. A fix adds bounds validation and rejects unsuppo...
CVE-2026-55887
CVE-2026-55887 has concrete details in the connected data: the GitHub advisory GHSA-R2XF-7JW5-PJG6 describes a vulnerability in Docker MCP Gateway where the OCI image label io.docker.server.metadata is YAML-unmarshalled into runtime fields and then passed as docker run flags (e.g., -v, -u, -...
CVE-2026-55886
Jodit (npm) versions
CVE-2026-55229
Gotenberg SSRF via LibreOffice document processing (tracked as GHSA-2MRG-35HW-X3X9): In the v8.33.0 default configuration, uploading a crafted DOCX to /forms/libreoffice/convert can trigger LibreOffice to fetch external resources, enabling blind outbound HTTP(S) requests from the server (internal ne...
CVE-2026-54837
CVE-2026-54837 is connected to a WordPress vulnerability in the All-In-One Intranet (Intranet & Private Site) plugin, affecting versions
CVE-2026-55671
Summary (concrete details from connected docs): Zitadel contains a Server-Side Request Forgery (SSRF) and denylist bypass vulnerability in outgoing HTTP components (HTTP Notification Channels, OIDC BackChannel Logout, and SAML Metadata URL Fetches). User-provided URLs were not properly validated ...
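A resolved-address check of the kind these outgoing fetches need, as an added Go example that is not Zitadel's code. It judges the addresses the host resolved to rather than the hostname string, which is what defeats the usual denylist bypasses (alternative IP spellings, hostnames that resolve inward, IPv4-mapped IPv6). The hostnames and addresses are constructed, and the caller is assumed to pass the resolver's answer in.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
)

// blocked lists address ranges an outbound notification, back-channel logout or
// metadata fetch must never reach. Checked against resolved addresses, not the
// hostname string.
var blocked = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("100.64.0.0/10"), // CGNAT
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("169.254.0.0/16"), // link-local, incl. cloud metadata endpoints
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("224.0.0.0/3"), // multicast and reserved
	netip.MustParsePrefix("::/128"),
	netip.MustParsePrefix("::1/128"),
	netip.MustParsePrefix("fc00::/7"),  // unique local
	netip.MustParsePrefix("fe80::/10"), // link-local
	netip.MustParsePrefix("ff00::/8"),  // multicast
}

// checkTarget validates the user-supplied URL and every address its host resolved to.
// resolved comes from the caller (for example net.DefaultResolver.LookupNetIP); the
// caller must then dial one of those exact addresses rather than resolving again,
// otherwise a rebinding resolver can answer differently on the second lookup.
// Redirect targets need the same check before they are followed.
func checkTarget(raw string, resolved []netip.Addr) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil || u.Hostname() == "" {
		return errors.New("URL must have a host and no embedded credentials")
	}
	if len(resolved) == 0 {
		return errors.New("host did not resolve")
	}
	for _, a := range resolved {
		a = a.Unmap() // ::ffff:10.0.0.1 is 10.0.0.1 for this purpose
		for _, p := range blocked {
			if p.Contains(a) {
				return fmt.Errorf("address %s for %s is in blocked range %s", a, u.Hostname(), p)
			}
		}
	}
	return nil
}

func main() {
	// Constructed cases: a public webhook, a split answer, metadata, mapped loopback, bad scheme.
	cases := []struct {
		url string
		ips []netip.Addr
	}{
		{"https://hooks.example/notify", []netip.Addr{netip.MustParseAddr("203.0.113.10")}},
		{"https://hooks.example/notify", []netip.Addr{netip.MustParseAddr("203.0.113.10"), netip.MustParseAddr("10.0.0.5")}},
		{"http://metadata.internal/latest", []netip.Addr{netip.MustParseAddr("169.254.169.254")}},
		{"http://loop.example/", []netip.Addr{netip.MustParseAddr("::ffff:127.0.0.1")}},
		{"ftp://hooks.example/", []netip.Addr{netip.MustParseAddr("203.0.113.10")}},
	}
	for _, c := range cases {
		fmt.Printf("%-34s %v -> %v\n", c.url, c.ips, checkTarget(c.url, c.ips))
	}
}
```

A host that returns a mix of public and private addresses is rejected outright rather than filtered, because an HTTP client given the filtered list can still be steered by a second resolution; pinning the dialer to the checked address is the part that actually closes the rebinding window.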
CVE-2026-54224
UBB.threads is affected by a Denial of Service described in CVE-2026-54224. An authenticated attacker can trigger DoS by issuing multiple concurrent requests to view user profiles on instances with many registered users, exhausting database resources and denying access to the application for othe...
CVE-2026-54223
UBB.threads is vulnerable to path traversal that allows an attacker with template-edit privileges to read/write arbitrary files on the server, resulting in Remote Code Execution. The vulnerability is confirmed in version 7.7.5 and may affect other versions; no remediation details are provided in ...
CVE-2026-54222
UBB.threads is vulnerable to a Blind SQL Injection due to insufficient input sanitization. The vulnerability has been confirmed in version 7.7.5 and may affect other versions. Attack requires access to the Members in Control Panel and can extract data through time-based or boolean-based queries v...
CVE-2026-54221
UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...
CVE-2026-54220
CVE-2026-54220: UBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms, confirmed in version 7.7.5 and possibly earlier. The flaw allows an attacker to trick an authenticated user into performing unintended actions. The CVSS metrics indicate high ...
CVE-2026-54219
UBB.threads is vulnerable to a Stored XSS flaw via user posts and profile fields due to insufficient input sanitization. In the confirmed case, version 7.7.5 is affected, and low-privilege attackers can inject JavaScript that executes in a victim’s browser when viewing content. Other versions may...
CVE-2026-11719
CVE-2026-11719 describes an authenticated authorization bypass in MCP Toolbox for Databases due to missing scope enforcement on older protocol handlers. The 2025-11-25 protocol version handler enforces per-tool scope restrictions, but older versions (2025-06-18, 2025-03-26, 2024-11-05) omit this ...
CVE-2026-11718
The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...
CVE-2026-11717
CVE-2026-11717 details an authentication bypass in googleapis/mcp-toolbox, specifically in the validateOpaqueToken path. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp with Active as a *bool. The ...
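Both conditions above, the issuer comparison quoted for CVE-2026-11718 and the *bool active field for CVE-2026-11717, in one added Go example that is not the toolbox's code. weakIssuerOK reconstructs the quoted condition; validate is a hardened form that treats an absent active or iss as a failure (RFC 7662 section 2.2 makes active REQUIRED). The page cuts off before stating how the toolbox handled a nil Active, so that consequence is not reproduced here; the response bodies and the issuer URL are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// introspectResp mirrors the RFC 7662 fields this check cares about. Active is a
// *bool so that an absent field is distinguishable from an explicit false.
type introspectResp struct {
	Active *bool  `json:"active"`
	Iss    string `json:"iss"`
	Sub    string `json:"sub"`
	Scope  string `json:"scope"`
	Exp    int64  `json:"exp"`
}

// validator holds the issuer the deployment expects the authorization server to report.
type validator struct{ issuer string }

// weakIssuerOK reconstructs the quoted condition: the issuer is only compared when
// both the configured value and the response value are non-empty, so a response
// that simply omits iss is waved through.
func (v validator) weakIssuerOK(r introspectResp) bool {
	if v.issuer != "" && r.Iss != "" {
		return r.Iss == v.issuer
	}
	return true
}

// validate is the hardened form: active must be present and true, and when an
// issuer is configured the response must carry a matching iss. Absence of either
// field is a failure, not a pass.
func (v validator) validate(body []byte) (*introspectResp, error) {
	var r introspectResp
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("introspection response: %w", err)
	}
	if r.Active == nil {
		return nil, errors.New("introspection response lacks the required active field")
	}
	if !*r.Active {
		return nil, errors.New("token is not active")
	}
	if v.issuer != "" {
		if r.Iss == "" {
			return nil, errors.New("introspection response lacks iss but an issuer is configured")
		}
		if r.Iss != v.issuer {
			return nil, fmt.Errorf("issuer %q does not match configured %q", r.Iss, v.issuer)
		}
	}
	return &r, nil
}

func main() {
	v := validator{issuer: "https://as.example"}
	// Constructed responses: what a misconfigured or attacker-influenced endpoint could return.
	for _, body := range []string{
		`{"active":true,"iss":"https://as.example","sub":"alice","scope":"read"}`,
		`{"active":true,"sub":"alice"}`,
		`{"sub":"alice","iss":"https://as.example"}`,
		`{"active":false,"iss":"https://as.example"}`,
	} {
		var r introspectResp
		_ = json.Unmarshal([]byte(body), &r)
		_, err := v.validate([]byte(body))
		fmt.Printf("%-70s weak issuer check: %-5v hardened: %v\n", body, v.weakIssuerOK(r), err)
	}
}
```

The second constructed body is the interesting one: the weak check returns true for it because iss is missing, while the hardened form refuses it. Whoever runs the introspection endpoint controls every field in that body, so a missing field has to be read as hostile, not as neutral.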
CVE-2026-8461
CVE-2026-8461 affects FFmpeg’s libavcodec/magicyuv.c in the MagicYUV decoder. It is a heap out-of-bounds write triggered by an odd slice_height, enabling denial of service and, in some cases, remote code execution. Affected software: FFmpeg prior to version 8.1.2; patched in 8.1.2 and later. ...
CVE-2026-11958
ANSSI DFIR-ORC (versions up to 10.2.7) is affected by local privilege escalation via DLLs loaded from a shared temporary directory. An attacker with prior system access can drop a malicious DLL in C:\Windows\Temp and wait for the DFIR-ORC process, which is extracted and executed from that locatio...
CVE-2026-40457
The CVE-2026-40457 entry describes a Reflected XSS in LMS (LAN Management System) prior to commit 9c5651b in the dbrecover.php and netremap.php modules, where unsanitized GET parameters are embedded into HTML output. This enables an attacker to inject arbitrary JavaScript when an authenticated us...
CVE-2026-40456
CVE-2026-40456 affects LMS (LAN Management System). The vulnerability is an OS command injection in the IP address parameter passed to exec() before commit 9fcb4de, enabling arbitrary command execution. Root cause is improper validation of the IP address input. Impact indicators from the provided...
CVE-2026-40455
Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...
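The implode()-style concatenation beside a parameterised form, as an added Go example; LMS itself is PHP and this is not its code, the pattern is simply shown in the language used for the other examples on this page. Table and column names and the request values are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// vulnerableQuery concatenates the raw tg[] values into the statement, the way an
// implode() into the SQL string does. One crafted element rewrites the query.
func vulnerableQuery(tg []string) string {
	return "SELECT id, name FROM tariffs WHERE tariffgroupid IN (" + strings.Join(tg, ",") + ")"
}

// safeQuery validates each element as a non-negative integer and emits one
// placeholder per value, returning the parameters separately for the driver to bind.
func safeQuery(tg []string) (string, []any, error) {
	if len(tg) == 0 {
		return "", nil, fmt.Errorf("empty tariff group list")
	}
	args := make([]any, 0, len(tg))
	holders := make([]string, 0, len(tg))
	for _, v := range tg {
		id, err := strconv.ParseInt(strings.TrimSpace(v), 10, 64)
		if err != nil || id < 0 {
			return "", nil, fmt.Errorf("tariff group id %q is not a non-negative integer", v)
		}
		args = append(args, id)
		holders = append(holders, "?")
	}
	return "SELECT id, name FROM tariffs WHERE tariffgroupid IN (" + strings.Join(holders, ",") + ")", args, nil
}

func main() {
	// Constructed request values: a normal list and one carrying an injection payload.
	for _, tg := range [][]string{{"3", "7"}, {"3) OR 1=1 --"}} {
		fmt.Println("concatenated: ", vulnerableQuery(tg))
		q, args, err := safeQuery(tg)
		fmt.Println("parameterised:", q, args, err)
	}
}
```

Because the number of placeholders varies with the array length, the statement text is built per request, but the values never enter it; the type check is a second, independent barrier that also rejects anything an attacker might try to smuggle through a driver that binds strings loosely.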
CVE-2026-56009
CVE-2026-56009: Stored XSS in the Bricksable for Bricks Builder plugin for WordPress, affecting versions up to and including 1.6.83. Root cause: Improper Neutralization of Input During Web Page Generation. CVSS 3.1 base score 5.9 (MEDIUM); attack vector NETWORK, complexity LOW, privileges required HIGH,...
CVE-2026-54419
PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...
CVE-2026-44942
CVE-2026-44942 affects libzypp: a path traversal in handling the "path" component of .repo files could allow writing outside the zypp cache. The issue affects the 17.x series before 17.38.13 and the 16.x series before 16.22.19. openSUSE Tumbleweed and SUSE advisories indicate this vulnerability is fixed in libzyp...
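A containment check for a cache location derived from a .repo file's path component, as an added Go example that is not libzypp's code (libzypp is C++). The cache directory and repo paths are constructed. The check is purely lexical: it stops ".." and prefix tricks, but does not defend against symlinks that already exist inside the cache directory, which needs EvalSymlinks or an openat-style walk.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// cacheFile maps a repo-supplied path to a location under cacheDir, refusing
// anything that would resolve outside it.
func cacheFile(cacheDir, repoPath string) (string, error) {
	base := filepath.Clean(cacheDir)
	if !filepath.IsAbs(base) {
		return "", fmt.Errorf("cache dir %q must be absolute", cacheDir)
	}
	// Join cleans the result, so ".." segments are folded before the containment test.
	target := filepath.Join(base, repoPath)
	// Rel, not HasPrefix: "/var/cache/zypp" is a string prefix of "/var/cache/zyppx"
	// but Rel reports that one as "../zyppx".
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == "." {
		return "", fmt.Errorf("repo path %q names the cache dir itself", repoPath)
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("repo path %q escapes cache dir %q", repoPath, cacheDir)
	}
	return target, nil
}

func main() {
	// Constructed paths: a normal repo cache entry, then traversal attempts.
	for _, p := range []string{
		"raw/repo-oss/repodata/primary.xml.gz",
		"raw/a/../b",
		"../../etc/zypp/repos.d/evil.repo",
		"raw/../../x",
		"..",
	} {
		got, err := cacheFile("/var/cache/zypp", p)
		fmt.Printf("%-38q -> %q %v\n", p, got, err)
	}
}
```

If the path component arrives URL-encoded, decode it before this check; "%2e%2e" folded after the containment test would reopen the hole.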
CVE-2026-54838
WordPress WC Vendors Marketplace plugin vulnerability: SQL Injection in versions
CVE-2026-56007
CVE-2026-56007 affects WordPress Ocean Product Sharing plugin versions up to and including 2.2.2. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation in OceanWP Ocean Product Sharing. The vulnerability impact is limi...
CVE-2026-8024
The CVE-2026-8024 entry describes a deserialization vulnerability in the products ibaPDA and ibaDatCoordinator that can be exploited remotely by an unauthenticated attacker to gain full access to affected systems. The assessment notes a high-impact scenario affecting confidentiality, integrity, a...
CVE-2026-54836
WordPress Filter & Grids plugin ≤ 3.11.5 has an SQL Injection vulnerability discovered by Nguyen Ba Khanh. The connected document confirms the affected software and vulnerability type but provides no remediation details or exploit specifics.