π¨ CVE-2025-69134
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress β Helper <= 1.1.4 versions.
π@cveNotify
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress β Helper <= 1.1.4 versions.
π@cveNotify
Patchstack
Arbitrary Content Deletion in WordPress OpenAI Chatbot for WordPress β Helper Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69152
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Artale | Wedding Photography WordPress Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69153
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Trendy Travel Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69154
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress SpaLab | Beauty Salon WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69155
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Fitness Zone WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69156
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Kids Zone - Children WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-11946
An unauthenticated remote attacker can exhaust
server memory via the GetEndpoints Discovery Service in open62541. The
endpointUrl field of GetEndpointsRequest is not validated for length. An
attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32
length field) delivered across intermediate chunks without ever sending the
final chunk. The server buffers all chunks in RAM indefinitely until the
SecureChannel times out. The attack is
pre-session and bypasses all encryption configurations.
The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
π@cveNotify
An unauthenticated remote attacker can exhaust
server memory via the GetEndpoints Discovery Service in open62541. The
endpointUrl field of GetEndpointsRequest is not validated for length. An
attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32
length field) delivered across intermediate chunks without ever sending the
final chunk. The server buffers all chunks in RAM indefinitely until the
SecureChannel times out. The attack is
pre-session and bypasses all encryption configurations.
The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
π@cveNotify
GitHub
GitHub - open62541/open62541: Open source implementation of OPC UA (OPC Unified Architecture) aka IEC 62541 licensed under Mozillaβ¦
Open source implementation of OPC UA (OPC Unified Architecture) aka IEC 62541 licensed under Mozilla Public License v2.0 - open62541/open62541
π¨ CVE-2026-14449
u5CMS through v12.8.8 is vulnerable to reflected XSS via the βthanksβ parameter in multiple form components
π@cveNotify
u5CMS through v12.8.8 is vulnerable to reflected XSS via the βthanksβ parameter in multiple form components
π@cveNotify
GitHub
Release u5cms-12.8.9 Β· u5cms/u5cms
What's Changed
This release fixes CVE-2026-14449.
Thanks xss fix by @stemind in #177
Full Changelog: v12.8.8...v12.8.9
This release fixes CVE-2026-14449.
Thanks xss fix by @stemind in #177
Full Changelog: v12.8.8...v12.8.9
π¨ CVE-2026-27060
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
π@cveNotify
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress ARMember Premium Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27408
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress NativeChurch Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27412
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
π@cveNotify
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress Pearl - Corporate Business Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27425
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Automotive Listings Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27426
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Automotive Car Dealership Business Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27430
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress TheFox Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27433
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
π@cveNotify
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Motors Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27436
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
π@cveNotify
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
π@cveNotify
Patchstack
Arbitrary Code Execution in WordPress Five Star Business Profile and Schema Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-39448
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
π@cveNotify
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress NOWPayments for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.