CVE-2026-54844
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
@cveNotify
Patchstack
Broken Access Control in WordPress CheckView Automated Testing Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
Patchstack
Sensitive Data Exposure in WordPress APIExperts Square for WooCommerce Plugin
CVE-2026-54849
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Patchstack
SQL Injection in WordPress Premmerce Wishlist for WooCommerce Plugin
CVE-2026-56005
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress WP Activity Log Plugin
CVE-2026-56006
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress H5P Plugin
CVE-2026-56013
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
Patchstack
Insecure Direct Object References (IDOR) in WordPress License Manager for WooCommerce Plugin
CVE-2026-56014
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress Master Slider Plugin
CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.
Patchstack
Broken Access Control in WordPress UPI QR Code Payment Gateway for WooCommerce Plugin
CVE-2026-56042
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress Advanced Order Export For WooCommerce Plugin
CVE-2026-56049
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Patchstack
Remote Code Execution (RCE) in WordPress Post Snippets Plugin
CVE-2026-56050
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
Patchstack
Broken Access Control in WordPress PPOM for WooCommerce Plugin
CVE-2026-56051
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress TablePress Plugin
CVE-2026-56054
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
Patchstack
Arbitrary File Deletion in WordPress JS Help Desk Plugin
CVE-2026-56071
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress Forminator Plugin
CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.
Gist
Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read - (CVE-2026-56122)
Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read - (CVE-2026-56122) - RickKnowles-WinstoneServletContainerAFR.md
CVE-2026-57619
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
Patchstack
Sensitive Data Exposure in WordPress Elementor Website Builder Plugin
CVE-2026-34714
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
GitHub
patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline · vim/vim@664701e
Problem: 'tabpanel' can be set in a modeline
Solution: Set the P_MLE flag for the 'tabpanel' option, disable
autocmd_add()/autocomd_delete() functions in ...
CVE-2026-49975
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
CVE-2026-48137
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.
GitHub
Untrusted pointer dereference using monikers in NI grpc-device sideband streaming API
### Impact
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially res...