🚨 CVE-2026-54802
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
🎖@cveNotify
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
🎖@cveNotify
Patchstack
Broken Authentication in WordPress SMS Alert Order Notifications Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54803
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
🎖@cveNotify
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
🎖@cveNotify
Patchstack
Privilege Escalation in WordPress SMS Alert Order Notifications Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-55706
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
🎖@cveNotify
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
🎖@cveNotify
🚨 CVE-2025-15657
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
🎖@cveNotify
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress School Management Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-60231
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.
This issue affects The Hospital: from n/a through 1.8.1.
🎖@cveNotify
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.
This issue affects The Hospital: from n/a through 1.8.1.
🎖@cveNotify
Patchstack
PHP Object Injection in WordPress The Hospital Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-60236
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5.
🎖@cveNotify
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5.
🎖@cveNotify
Patchstack
PHP Object Injection in WordPress Creatify Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-66391
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
🎖@cveNotify
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account.
🎖@cveNotify
🚨 CVE-2025-69128
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3.
🎖@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3.
🎖@cveNotify
Patchstack
Arbitrary File Deletion in WordPress JobCareer Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-69140
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress SweetDate Core Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.