🚨 CVE-2026-22339
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WPJobster Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-22342
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
🎖@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress WordPress Dating Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-22343
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress WordPress Dating Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-24575
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
🎖@cveNotify
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress WishList Member X Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-25446
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
🎖@cveNotify
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
🎖@cveNotify
Patchstack
Arbitrary File Upload in WordPress WishList Member X Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-25470
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
🎖@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
🎖@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress ACPT (Pro) - Custom Post Types Plugin for WordPress Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-27041
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
🎖@cveNotify
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
🎖@cveNotify
Patchstack
Arbitrary File Upload in WordPress Unlimited Elements for Elementor (Premium) Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
🎖@cveNotify
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
🎖@cveNotify
Patchstack
Deserialization of untrusted data in WordPress Slimstat Analytics Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-28575
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2026-28587
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
🎖@cveNotify
🚨 CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify
🚨 CVE-2026-32967
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
🎖@cveNotify
🚨 CVE-2026-34888
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
🎖@cveNotify
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Bricksforge Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.