๐จ CVE-2026-11581
The Kali Forms โ Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes in an administrator's session. A missing capability check in the Kali Forms โ Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13's post-duplication action additionally lets the Contributor publish the malicious form so an administrator renders it.
๐@cveNotify
The Kali Forms โ Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes in an administrator's session. A missing capability check in the Kali Forms โ Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13's post-duplication action additionally lets the Contributor publish the malicious form so an administrator renders it.
๐@cveNotify
WPScan
Kali Forms < 2.4.13 - Contributor+ Stored XSS via Form Field Caption
See details on Kali Forms < 2.4.13 - Contributor+ Stored XSS via Form Field Caption CVE 2026-11581. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2026-11589
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.
๐@cveNotify
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (such as HTML or SVG) to a publicly accessible location, leading to Stored Cross-Site Scripting attacks against site users and administrators.
๐@cveNotify
WPScan
WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload
See details on WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File Upload CVE 2026-11589. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2026-11590
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
๐@cveNotify
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
๐@cveNotify
WPScan
WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys
See details on WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys CVE 2026-11590. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2026-12240
The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Successful exploitation requires an administrator to trigger a user data export while a subscriber-level (or higher) user has stored a crafted serialized XLSXWriter object payload as their display name.
๐@cveNotify
The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Successful exploitation requires an administrator to trigger a user data export while a subscriber-level (or higher) user has stored a crafted serialized XLSXWriter object payload as their display name.
๐@cveNotify
๐จ CVE-2026-12818
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
๐@cveNotify
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
๐@cveNotify
๐จ CVE-2026-12819
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.
๐@cveNotify
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.
๐@cveNotify
๐จ CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
๐@cveNotify
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
๐@cveNotify
๐จ CVE-2026-56137
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.
๐@cveNotify
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.
๐@cveNotify
jvn.jp
JVN#69681784: RPG MAKER MV and MZ vulnerable to OS command injection
Japan Vulnerability Notes
๐จ CVE-2026-56808
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.
๐@cveNotify
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.
๐@cveNotify
jvn.jp
JVN#28979424: DGM3103SCT vulnerable to OS command injection
Japan Vulnerability Notes
๐จ CVE-2026-56809
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.
๐@cveNotify
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.
๐@cveNotify
ใชใณใผใฐใซใผใไผๆฅญใปIRใตใคใ
่ๅผฑๆงใใจใฎๆ
ๅ ฑใชในใ | ใชใณใผใฐใซใผใ ไผๆฅญใปIR | RICOH
2022ๅนด10ๆ1ๆฅไปฅ้ใฏ่ๅผฑๆงๆ
ๅ ฑใๆฌใใผใธใซๆฒ่ผใใพใใใๅฎขๆงใซใจใฃใฆ้่ฆใจๅคๆญใใๅ ดๅใฏใๅพๆฅใจๅๆงใซใ้่ฆใชใ็ฅใใใใซใๆฒ่ผใใใใพใใ
๐จ CVE-2026-9576
The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
๐@cveNotify
The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.
๐@cveNotify
WPScan
Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee Export
See details on Fluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee Export CVE 2026-9576. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2026-12578
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
๐@cveNotify
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
๐@cveNotify
๐จ CVE-2025-24815
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
๐@cveNotify
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
๐@cveNotify
Nokia.com
CVE-2025-24815 | Nokia.com
An unrestricted file upload vulnerability in Nokia MantaRay NM
๐จ CVE-2025-24816
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
๐@cveNotify
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
๐@cveNotify
Nokia.com
CVE-2025-24816 | Nokia.com
An Improper Access Control vulnerability in Nokia MantaRay NM
๐จ CVE-2025-7406
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
๐@cveNotify
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
๐@cveNotify
Nokia.com
CVE-2025-7406 | Nokia.com
A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM
๐จ CVE-2026-10763
PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.
๐@cveNotify
PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.
๐@cveNotify
๐จ CVE-2026-12076
Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute
arbitrary SQL statements against the underlying PostgreSQL database,
leading to full database compromise, including credential extraction.
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 1.5.2 but may also affect other versions.
๐@cveNotify
Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute
arbitrary SQL statements against the underlying PostgreSQL database,
leading to full database compromise, including credential extraction.
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 1.5.2 but may also affect other versions.
๐@cveNotify
cert.pl
Podatnoลฤ w oprogramowaniu Raytha CMS
W oprogramowaniu Raytha CMS wykryto podatnoลฤ typu SQL Injection (CVE-2026-12076).
๐จ CVE-2026-12610
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
๐@cveNotify
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
๐@cveNotify
๐จ CVE-2026-6954
Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victimโs browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, display phishing interfaces, or perform actions on the userโs behalf.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victimโs browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, display phishing interfaces, or perform actions on the userโs behalf.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Intermark IT's WebControl CMS
INCIBE has coordinated the disclosure of two medium-severity vulnerabilities affecting Intermark ITโs
๐จ CVE-2026-8141
The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
Ajax Load More
Facet Filtering with Ajax Load More | Add-ons | Ajax Load More
The Filter add-on provides front-end and admin functionality for building and managing Ajax Load More filter blocks - no coding required!
๐จ CVE-2026-9711
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, granted the "Enable additional search queries" setting is enabled and at least one published event exists.
๐@cveNotify
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, granted the "Enable additional search queries" setting is enabled and at least one published event exists.
๐@cveNotify