CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-54836
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.

This issue affects YMC Filter: from n/a through 3.11.5.

🎖@cveNotify
🚨 CVE-2026-54842
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Royal MCP: from n/a through 1.4.25.

🎖@cveNotify
🚨 CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.

This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.

🎖@cveNotify
🚨 CVE-2026-56050
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects PPOM for WooCommerce: from n/a through 33.0.18.

🎖@cveNotify
🚨 CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.

🎖@cveNotify