PT-2026-49104
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
PT-2026-49107
https://t.co/IW3KHXK4Hc CVE-2026-49085 cf7-insightly CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge …...
PT-2026-49105
In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
PT-2026-49111
A new vulnerability with increased severity was disclosed for Comma AI Openpilot CVE-2026-12191 https://t.co/PFz30AwDSj...
PT-2026-49114
https://t.co/10sEWRUxJA CVE-2026-49081 user-registration-stripe CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking …...
PT-2026-49117
https://t.co/48KSBDojzs CVE-2026-9691 cf7-active-campaign CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity at…...
PT-2026-49115
https://t.co/RAZnKBCICk CVE-2026-49104 cf7-infusionsoft CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomic…...
PT-2026-49112
A severe vulnerability was disclosed for GALAYOU Y4 CVE-2026-12192 https://t.co/eKIcZaJANO...
PT-2026-49116
https://t.co/vJsFa6H0jX CVE-2026-49112 shared-files CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge …...
PT-2026-49113
The severity is increased for this new vulnerability affecting VS Revo RevoUninstaller CVE-2026-12193 https://t.co/dseB2cd1uQ...
PT-2026-49106
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an...
PT-2026-49135
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session -...
PT-2026-49134
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover...
PT-2026-49136
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle 0x27 SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a...
PT-2026-49133
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length...
PT-2026-49109
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd",...
PT-2026-49110
A severe vulnerability was disclosed for GL.iNet GL-MT3000 CVE-2026-12187 https://t.co/u98YU9Fi7e...
PT-2026-49137
The severity is increased for this new vulnerability affecting Yealink SIP-T46U CVE-2026-12221 https://t.co/oQ62lCuBBZ...
PT-2026-49138
We have just added an important vulnerability affecting Yealink SIP-T46U CVE-2026-12222 https://t.co/x4Ur9ZbUqm...
PT-2026-49140
https://t.co/ZOGahg11lj CVE-2026-49082 chatway-live-chat CVSS Score 4.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity at…...
PT-2026-49143
https://t.co/fv3edYsdpW CVE-2026-8385 wp-google-maps CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomiced…...
PT-2026-49139
https://t.co/JGfJRrFLp3 CVE-2026-49079 jet-search CVSS Score 7.5 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge cyber…...
PT-2026-49141
https://t.co/6mAVIoxHog CVE-2026-49083 latepoint CVSS Score 8.8 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge cybersec…...
PT-2026-49142
https://t.co/ZpNU5whYl0 CVE-2026-49766 wp-user-manager CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomice…...
PT-2026-49144
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The explo...
PT-2026-49077
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4. The plugin hooks WordPress's posts_request filter with wp ticket com posts request, which calls emd author search results when the current request i...
PT-2026-49076
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
PT-2026-49074
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allo...
PT-2026-49072
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine current css function trusting values harvested from page HTML and converting same-site URLs to absolute filesyst...
PT-2026-49073
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...
PT-2026-49078
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
PT-2026-49085
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
PT-2026-49086
🔒 Security patch out for API Platform Core CVE-2026-54164: a type-confusion bug let writable relations accept a wrong-type IRI. Upgrade to 4.1.30 / 4.2.26 / 4.3.12+. Details: https://t.co/zRkVBEfHqh...
PT-2026-49084
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayer save content AJAX handler allowing users with basic post-edit capability to persist pagelayer contact...
PT-2026-49080
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...
PT-2026-49081
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...
PT-2026-49079
The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the plugin's admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...
PT-2026-49090
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save shortcode in all versions up to, and including, 5.4.4. This makes it possible for authenticated attackers, with...
PT-2026-49089
Name of the Vulnerable Software and Affected Versions: Model Context Protocol versions prior to 0.25.0. Description: Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...
PT-2026-49091
Name of the Vulnerable Software and Affected Versions: Bookly versions prior to 27.3. Description: The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...
PT-2026-49092
Glances 4.5.5 is released! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...
PT-2026-49094
Glances 4.5.5 is released! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...
PT-2026-49096
Glances 4.5.5 is released! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...
PT-2026-49093
Glances 4.5.5 is released! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...
PT-2026-49095
Glances 4.5.5 is released! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...
PT-2026-49097
SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary...
PT-2026-49099
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...
PT-2026-49101
A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...
PT-2026-49118
These are all security issues fixed in the python311-tornado6-6.5.7-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-49087
Name of the Vulnerable Software and Affected Versions: Canvas plugin for WordPress versions prior to 2.5.3. Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...