🚨 CVE-2026-54829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Patchstack
SQL Injection in WordPress WP Photo Album Plus Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54842
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Royal MCP Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress APIExperts Square for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56005
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP Activity Log Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56049
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
🎖@cveNotify
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
🎖@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Post Snippets Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56050
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
🎖@cveNotify
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress PPOM for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56122
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.
🎖@cveNotify
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.
🎖@cveNotify
Gist
Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read - (CVE-2026-56122)
Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read - (CVE-2026-56122) - RickKnowles-WinstoneServletContainerAFR.md
🚨 CVE-2026-57619
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
🎖@cveNotify
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Elementor Website Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-13222
Our payment integration with Oppwa-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.
🎖@cveNotify
Our payment integration with Oppwa-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.
🎖@cveNotify
pretix.eu
Security release 2026.5.2 of pretix and multiple plugins
Today, we are releasing pretix 2026.6.1 as well as updates for multiple plugins to fix security-relevant bugs, including ones with high severity.
Please make sure to update your pretix installation as soon as possible.
Please make sure to update your pretix installation as soon as possible.
🚨 CVE-2026-13223
Our payment integration with Computop-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.
🎖@cveNotify
Our payment integration with Computop-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.
🎖@cveNotify
pretix.eu
Security release 2026.5.2 of pretix and multiple plugins
Today, we are releasing pretix 2026.6.1 as well as updates for multiple plugins to fix security-relevant bugs, including ones with high severity.
Please make sure to update your pretix installation as soon as possible.
Please make sure to update your pretix installation as soon as possible.
🚨 CVE-2026-13225
Malicious HTML content could be injected into the email address of an
order, which pretix showed without sanitization on the confirmation page
for individual tickets in that order.
🎖@cveNotify
Malicious HTML content could be injected into the email address of an
order, which pretix showed without sanitization on the confirmation page
for individual tickets in that order.
🎖@cveNotify
pretix.eu
Security release 2026.5.2 of pretix and multiple plugins
Today, we are releasing pretix 2026.6.1 as well as updates for multiple plugins to fix security-relevant bugs, including ones with high severity.
Please make sure to update your pretix installation as soon as possible.
Please make sure to update your pretix installation as soon as possible.
🚨 CVE-2026-13314
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
🎖@cveNotify
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
🎖@cveNotify
pretix.eu
Security release 2026.5.2 of pretix and multiple plugins
Today, we are releasing pretix 2026.6.1 as well as updates for multiple plugins to fix security-relevant bugs, including ones with high severity.
Please make sure to update your pretix installation as soon as possible.
Please make sure to update your pretix installation as soon as possible.
🚨 CVE-2026-46735
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
🎖@cveNotify
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
🎖@cveNotify
🚨 CVE-2026-49319
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.
An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
🎖@cveNotify
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.
An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).
🎖@cveNotify
🚨 CVE-2026-57235
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
🎖@cveNotify
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
🎖@cveNotify
GitHub
Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
### Summary
`Nokogiri::XML::NodeSet#[]` (and its alias `#slice`) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index c...
`Nokogiri::XML::NodeSet#[]` (and its alias `#slice`) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index c...
🚨 CVE-2026-57236
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding reads invalid memory, which can cause a segfault or leak freed bytes into a Ruby String. Affects the CRuby (libxml2) implementation only; JRuby is not affected. This vulnerability is fixed in 1.19.4.
🎖@cveNotify
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding reads invalid memory, which can cause a segfault or leak freed bytes into a Ruby String. Affects the CRuby (libxml2) implementation only; JRuby is not affected. This vulnerability is fixed in 1.19.4.
🎖@cveNotify
GitHub
Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
### Summary
Calling `Document#encoding=` with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current en...
Calling `Document#encoding=` with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current en...