🚨 CVE-2026-47153
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47154
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-4526
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-54823
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Widget Options Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Patchstack
SQL Injection in WordPress WP Photo Album Plus Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54830
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Five Star Restaurant Reservations Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54836
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5.
🎖@cveNotify
Patchstack
SQL Injection in WordPress Filter & Grids Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54842
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Royal MCP Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54844
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress CheckView Automated Testing Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress APIExperts Square for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54849
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
🎖@cveNotify
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
🎖@cveNotify
Patchstack
SQL Injection in WordPress Premmerce Wishlist for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56005
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP Activity Log Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56013
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
🎖@cveNotify
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress License Manager for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56014
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Master Slider Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.