CVE-2026-22283
Dell PowerFlex Manager before version 4.8 is affected by CVE-2026-22283 (Inclusion of Functionality from Untrusted Control Sphere). An unauthenticated attacker with remote access could trigger information disclosure. Affected product: Dell PowerFlex Manager; vulnerable component/behavior not furt...
CVE-2026-54832
The connected record identifies a concrete vulnerability: WordPress Gutenverse Companion plugin versions
CVE-2026-54831
The connected document confirms a concrete vulnerability: WordPress GeoDirectory plugin versions
CVE-2026-54810
The CVE-2026-54810 entry concerns the WordPress plugin Nexi XPay (≤ 8.3.1). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access controls, affecting Nexi XPay on versions from n/a up to 8.3.1. Public metrics indicate a HIGH...
CVE-2026-40641
CVE-2026-40641 affects Dell PowerFlex Manager, version 4.6.0.1. The vulnerability is a Use of a Broken or Risky Cryptographic Algorithm. An unauthenticated attacker with remote access could exploit it to cause information disclosure and information tampering. The CVSS metrics indicate a network...
CVE-2026-54834
Affected software: WordPress Plugin Object Cache 4 everyone (versions
CVE-2026-55748
OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...
CVE-2024-47477
CVE-2024-47477 affects Dell PowerFlex Manager prior to 4.5.1.1, with an improper certificate validation vulnerability that could allow a remote unauthenticated attacker to perform a man‑in‑the‑middle attack in tandem with DNS cache poisoning. Affected product: PowerFlex Manager. Root cause: insuf...
CVE-2026-55743
OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...
CVE-2026-54830
The connected document identifies a Broken Access Control vulnerability in WordPress Plugin Five Star Restaurant Reservations (versions
CVE-2026-54829
The connected patch report identifies a concrete vulnerability: WordPress WP Photo Album Plus plugin versions
CVE-2026-54415
CVE-2026-54415 is a broken access control issue in Azuriom CMS before 1.2.11. An authenticated user with the admin.access permission can abuse server-management routes to create AzLink server tokens and take over non-admin user accounts by changing passwords and emails. The vulnerability exists i...
CVE-2026-11311
CVE-2026-11311 affects NGINX Gateway Fabric when used with NGINX Plus. The vulnerability resides in the NGINX configuration generator: user-supplied values from the NginxProxy CRD serverTokens field and the AuthenticationFilter CRD extraAuthArgs field are rendered directly into NGINX configuratio...
CVE-2026-42055
CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...
CVE-2026-42530
Summary: NGINX Open Source’s ngx_http_v3_module vulnerability (CVE-2026-42530) occurs when HTTP/3 QUIC is enabled. A remote unauthenticated attacker can craft an HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and potentially triggering a res...
CVE-2026-48142
CVE-2026-48142 affects the ngx_http_charset_module in NGINX Plus and NGINX Open Source. When a location block uses both source_charset utf-8 and a charset directive (e.g., charset koi8-r), remote unauthenticated attackers can trigger a heap buffer over-read in the NGINX worker process, causing me...
CVE-2026-48117
DroneAware’s CVE-2026-48117 affects the centralized DroneAware server. The issue allowed an attacker to pre-register an account using the victim’s email with an attacker-controlled password before activation; when the legitimate user later activated the account (via email link or Google SSO), the...
CVE-2026-53765
Technical details for CVE-2026-53765 are not publicly available in the provided documents. The entry is currently reserved; monitor for updates, as details will be disclosed when announced.
CVE-2026-54828
The CVE entry is tied to a concrete vulnerability in WordPress Motors plugin versions
CVE-2026-54826
WordPress SupportCandy plugin
CVE-2026-54827
The connected document indicates a concrete vulnerability: WordPress Real Estate 7 theme, versions ≤ 3.5.9, has an SQL Injection flaw reported by Kinorth (João Pedro S Alcântara). The CVE entry itself is currently reserved, but the Patchstack record confirms the existence of this SQLi in the affe...
CVE-2026-54809
The CVE-2026-54809 entry concerns the WordPress GIFT4U plugin (VillaTheme GIFT4U)
CVE-2026-54808
The CVE describes an SQL Injection vulnerability in the WordPress WP Travel Gutenberg Blocks plugin (affected: WP Travel Gutenberg Blocks 3.9.4 and earlier). The issue arises from improper handling of user input in SQL queries, enabling a Blind SQL Injection. Affected component/file is the plugin...
CVE-2025-69189
CVE-2025-69189 describes a Missing Authorization vulnerability in the WordPress JobBank plugin for versions up to 1.2.3, categorized as Broken Access Control. The CVSS vector (Patchstack) indicates a NETWORK attack with LOW confidentiality/integrity/availability impact and no required privileges ...
CVE-2025-69128
Technical details about CVE-2025-69128 are not publicly available in the provided documents. Monitor for updates from vendors/security advisories; the records confirm a path traversal vulnerability in JobCareer
CVE-2025-60236
CVE-2025-60236 corresponds to a deserialization-based PHP Object Injection vulnerability in the WordPress Creatify theme (versions
CVE-2025-60231
CVE-2025-60231 describes a Deserialization of Untrusted Data vulnerability in WordPress The Hospital theme (nrghospital) versions up to 1.8.1. The underlying issue is a PHP Object Injection vulnerability arising from unsafe deserialization, enabling an attacker to potentially achieve high-impact ...
CVE-2026-55738
The CVE covers a stack-based buffer overflow in rxi/microtar 0.1.0 due to using strcpy() on the 100-byte TAR header name and linkname fields in raw_to_header(). The lack of guaranteed null termination allows reading past the 512-byte header and writing past the destination header buffer, causing ...
CVE-2026-54813
CVE-2026-54813 pertains to the WordPress SureDash plugin (versions up to and including 1.8.0). Summary: Improper neutralization of special elements in SQL commands leading to Blind SQL Injection in SureDash. Affected component: SureDash WordPress plugin; vulnerable to SQL injection in its interac...
CVE-2026-9591
CVE-2026-9591 documents a CSRF vulnerability in the SimplCommerce News module. The issue is in the NewsItemApiController and allows an unauthenticated remote attacker to create or modify news items as an administrator by submitting a crafted form to /api/news-items, due to missing anti-CSRF prote...
CVE-2026-54814
The CVE identifies a Local File Inclusion in the WordPress plugin Motors by StylemixThemes, affecting versions up to 1.4.109. The root cause is improper control of filename for include/require in PHP, enabling LFI. Affected scope is listed as Motors from n/a through 1.4.109. The CVSS vector (3.1...
CVE-2026-54815
CVE-2026-54815 affects the WordPress plugin Cargo Shipping Location for WooCommerce (Cargo RD Cargo Shipping Location for WooCommerce) up to version 5.6. The vulnerability is an SQL Injection (blind) caused by improper neutralization of special elements in SQL commands. CVSS v3.1 shows a base sco...
CVE-2026-54816
CVE-2026-54816 concerns the WordPress plugin Advanced Ads (Monetizemore) with versions up to 2.0.21. The vulnerability is an improper control of code generation allowing Remote Code Inclusion (code injection) that can lead to Remote Code Execution. The CVSS metrics indicate a high-severity, netwo...
CVE-2026-54817
CVE-2026-54817 affects the WordPress MStore API plugin (
CVE-2026-54818
The CVE concerns WordPress Slimstat Analytics plugin (versions up to 5.4.11). The issue is a SQL Injection vulnerability caused by improper neutralization of SQL commands, enabling blind SQL injection. The CVSS 3.1 base score is 8.5 (HIGH) with network exploitability, low attack complexity, and n...
CVE-2026-54825
CVE-2026-54825 is linked to a concrete issue in the WordPress wpDataTables plugin (versions ≤ 7.4). The connected document reports a SQL Injection vulnerability discovered in this plugin, affecting how inputs are handled in wpDataTables and potentially allowing arbitrary SQL execution. No exploit...
CVE-2026-54417
CVE-2026-54417 affects rxi/microtar 0.1.0: mtar_next() uses 32‑bit arithmetic to compute the next record offset, and when header size is a multiple of 512 in 0xFFFFFC01–0xFFFFFE00, the offset addition wraps to 0. This causes mtar_next() to seek the current position instead of advancing, so mtar_f...
CVE-2026-54824
The connected document identifies a concrete vulnerability: WordPress Ads by WPQuads plugin, versions
CVE-2026-54819
CVE-2026-54819 affects WordPress Listdom plugin (vendor: Webilia Inc.), vulnerable through versions up to 5.4.0 due to improper neutralization of SQL commands, enabling Blind SQL Injection. CVSS 3.1 base score 9.3 (CRITICAL); attack vector NETWORK, attack complexity LOW, privileges NONE, user int...
CVE-2025-60230
The CVE-2025-60230 entry details a PHP Object Injection in WordPress The Barber Shop theme (Themeton)
CVE-2026-10641
Zephyr Bluetooth Classic HFP HF CIND parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write during +CIND=?/+CIND: handling. cind_handle_values() writes hf->ind_table[index] = i without verifying index is within the 20-element int8_t ind_table[]. A remote attacker could sen...
CVE-2026-54823
WordPress Widget Options plugin vulnerable to Remote Code Execution (RCE) in versions
CVE-2025-60229
The CVE concerns the WordPress Lagom theme (versions
CVE-2026-49268
The CVE-2026-49268 issue affects Apache Shiro’s DefaultLdapRealm where user input is concatenated into the LDAP DN template without escaping RFC 2253 characters. This LDAP DN injection can alter the bind DN, potentially bypassing authentication or impersonating other users. Technical details conf...
CVE-2026-54822
Affected software: WordPress plugin SALESmanago & Leadoo (versions
CVE-2026-54821
The connected advisory identifies a Sensitive Data Exposure vulnerability in the WordPress Visual Link Preview plugin, affected versions
CVE-2026-54820
The connected document identifies a SQL Injection vulnerability in WordPress JetBooking plugin versions ≤ 4.0.4.1, discovered by daroo. Affected software: WordPress JetBooking plugin. Vulnerable component: the plugin’s code that handles SQL queries (exact function not specified). Impact: SQL Inje...
CVE-2026-52716
The CVE-2026-52716 entry describes an unauthenticated arbitrary file deletion vulnerability in the WordPress WorkScout-Core plugin versions
CVE-2026-52707
CVE-2026-52707: Unauthenticated Local File Inclusion in WordPress Kastell theme
CVE-2026-49108
The CVE concerns WordPress Moderno theme versions prior to 1.43, where an unauthenticated PHP Object Injection vulnerability exists in the Moderno theme. The root cause is a PHP object injection flaw within the theme (exploitable without authentication). CVSS details indicate a critical impact (C...