🚨 CVE-2026-54837
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
@cveNotify
Patchstack
Broken Access Control in WordPress Intranet & Private Site – All-In-One Intranet Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56010
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
@cveNotify
Patchstack
Privilege Escalation in WordPress Abandoned Cart Pro for WooCommerce Plugin
🚨 CVE-2026-56029
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
@cveNotify
Patchstack
Broken Authentication in WordPress CorvusPay WooCommerce Payment Gateway Plugin
🚨 CVE-2026-56035
Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.
@cveNotify
Patchstack
Multiple Vulnerabilities in WordPress BitFire Security Plugin
🚨 CVE-2026-56043
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Customer Reviews for WooCommerce Plugin
🚨 CVE-2026-56069
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Toolset Forms Plugin
🚨 CVE-2026-57315
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Blocksy Companion Pro Plugin
🚨 CVE-2026-57322
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress weMail Plugin
🚨 CVE-2026-57617
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress SeedProd Pro Plugin
🚨 CVE-2026-57630
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Blocksy Companion Pro Plugin
🚨 CVE-2026-57655
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Child Theme Wizard Plugin
🚨 CVE-2026-57661
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
@cveNotify
Patchstack
Broken Access Control in WordPress WPComplete Plugin
🚨 CVE-2024-23581
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.
@cveNotify
🚨 CVE-2026-38639
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
@cveNotify
GitHub
pocs/redox/CVE-2026-38639 at master · Marsman1996/pocs
to show pocs found. Contribute to Marsman1996/pocs development by creating an account on GitHub.
🚨 CVE-2026-38641
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
@cveNotify
GitHub
pocs/redox/CVE-2026-38641 at master · Marsman1996/pocs
🚨 CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
@cveNotify
GitHub
GitHub - user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2: CVE-2026-39031 - offline plaintext password recovery for Lansweeper…
CVE-2026-39031 - offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory. - user6400/cve-2026-39031-lansweeper-lsrunase2-ls...