π¨ CVE-2026-57329
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
π@cveNotify
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WooCommerce Designer Pro Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57330
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
π@cveNotify
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress MasterStudy LMS Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57331
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
π@cveNotify
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
π@cveNotify
Patchstack
Arbitrary File Deletion in WordPress Paid Videochat Turnkey Site Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57332
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
π@cveNotify
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Wallet System for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57333
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Link Whisper Free Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57334
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
π@cveNotify
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress WP User Frontend Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57335
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
π@cveNotify
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Ads by WPQuads Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57336
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Jobify Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57337
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Landing Page Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57338
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress ARForms Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
π@cveNotify
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Business Directory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57340
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
π@cveNotify
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Japanized For WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57341
Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : MΓ©thodes de livraison pour WooCommerce <= 2.9.0 versions.
π@cveNotify
Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : MΓ©thodes de livraison pour WooCommerce <= 2.9.0 versions.
π@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Colissimo Officiel : MΓ©thodes de livraison pour WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-13580
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formQoS | Notion
Overview
π¨ CVE-2026-13582
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formUSBAccount | Notion
Overview
π¨ CVE-2026-13583
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formUSBFolder | Notion
Overview
π¨ CVE-2026-13587
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used.
π@cveNotify
GitHub
GitHub - seladb/PcapPlusPlus: PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets.β¦
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most p...
π¨ CVE-2026-13742
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating to the most recent version of this product, service, or offering [V27 SP1, V28 SP1]
π@cveNotify
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating to the most recent version of this product, service, or offering [V27 SP1, V28 SP1]
π@cveNotify
π¨ CVE-2026-12912
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
π@cveNotify
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based buffer overflow. This could potentially result in arbitrary code execution or a denial of service (DoS).
π@cveNotify
π¨ CVE-2026-13588
A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-based buffer overflow. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. This patch is called 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply a patch to resolve this issue.
π@cveNotify
A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-based buffer overflow. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. This patch is called 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply a patch to resolve this issue.
π@cveNotify
GitHub
GitHub - seladb/PcapPlusPlus: PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets.β¦
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most p...
π¨ CVE-2026-13589
A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
π@cveNotify
A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
π@cveNotify
GitHub
GitHub - seladb/PcapPlusPlus: PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets.β¦
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most p...