๐จ CVE-2026-56070
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
๐@cveNotify
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
๐@cveNotify
Patchstack
SQL Injection in WordPress Advance Product Search Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-56072
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WoodMart Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57317
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Simply Schedule Appointments Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57323
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
๐@cveNotify
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Flash & HTML5 Video Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57324
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
๐@cveNotify
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress GIFT4U Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57618
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Neve PRO Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57632
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
๐@cveNotify
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Email Marketing for WooCommerce by Omnisend Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57645
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
๐@cveNotify
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Newsletters Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57651
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Ghost Kit Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57657
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Gmail SMTP Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57663
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
๐@cveNotify
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
๐@cveNotify
Patchstack
SQL Injection in WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2025-11919
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
GitHub
vulnerability-wolfram-cloud-14.2/disclosure.md at main ยท PeterRoberge/vulnerability-wolfram-cloud-14.2
Multi-Tenant Classpath Injection Vulnerability in Wolfram Cloud - PeterRoberge/vulnerability-wolfram-cloud-14.2
๐จ CVE-2026-0685
Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
๐@cveNotify
Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
๐@cveNotify
GitHub
GitHub - edgewall/genshi: Python toolkit for generation of output for the web
Python toolkit for generation of output for the web - edgewall/genshi
๐จ CVE-2026-0828
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
๐@cveNotify
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
๐@cveNotify
Safetica
Safetica | Data Loss Prevention and Insider Risk Management
Safetica protects businesses against insider threats, offers data loss protection, and supports regulatory compliance.
๐จ CVE-2025-32394
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
๐@cveNotify
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
๐@cveNotify
GitHub
Quadratic memory amplification in AITextSummarizerBlock chunking (DoS via attacker-controlled max_tokens/overlap)
### Summary
There is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of m...
There is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of m...
๐จ CVE-2025-32423
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
๐@cveNotify
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
๐@cveNotify
GitHub
User-controlled regex in ExtractTextInformationBlock produces O(n^2) output, enabling memory-exhaustion DoS
### Summary
There is a DoS vulnerability in `ExtractTextInformationBlock`. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume ...
There is a DoS vulnerability in `ExtractTextInformationBlock`. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume ...
๐จ CVE-2026-11779
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.
๐@cveNotify
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.
๐@cveNotify
Fluidattacks
PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access | Fluid Attacks
CVE-2026-11779: An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.