🚨 CVE-2026-12375
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled servers.
🎖@cveNotify
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled servers.
🎖@cveNotify
WPScan
Uncanny Automator Pro 7.3.0.5 - Backdoor via Compromised Vendor Update Server
See details on Uncanny Automator Pro 7.3.0.5 - Backdoor via Compromised Vendor Update Server CVE 2026-12375. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2026-4375
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.
🎖@cveNotify
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.
🎖@cveNotify
WPScan
DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE
See details on DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE CVE 2026-4375. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2026-57867
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
GitHub
GitHub - microrealestate/microrealestate: This is an Open Source Real estate management system that helps landlords to manage their…
This is an Open Source Real estate management system that helps landlords to manage their rentals and properties - microrealestate/microrealestate
🚨 CVE-2026-57868
MicroRealEstate is affected by broken object-level access controls in PDF generator functionality.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
MicroRealEstate is affected by broken object-level access controls in PDF generator functionality.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
GitHub
GitHub - microrealestate/microrealestate: This is an Open Source Real estate management system that helps landlords to manage their…
This is an Open Source Real estate management system that helps landlords to manage their rentals and properties - microrealestate/microrealestate
🚨 CVE-2026-57869
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
GitHub
GitHub - microrealestate/microrealestate: This is an Open Source Real estate management system that helps landlords to manage their…
This is an Open Source Real estate management system that helps landlords to manage their rentals and properties - microrealestate/microrealestate
🚨 CVE-2026-57870
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
GitHub
GitHub - microrealestate/microrealestate: This is an Open Source Real estate management system that helps landlords to manage their…
This is an Open Source Real estate management system that helps landlords to manage their rentals and properties - microrealestate/microrealestate
🚨 CVE-2026-57871
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files.
This issue affects MicroRealEstate: through 1.0.0-alpha3.
🎖@cveNotify
GitHub
GitHub - microrealestate/microrealestate: This is an Open Source Real estate management system that helps landlords to manage their…
This is an Open Source Real estate management system that helps landlords to manage their rentals and properties - microrealestate/microrealestate
🚨 CVE-2026-58315
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed.
🎖@cveNotify
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed.
🎖@cveNotify
jvn.jp
JVN#87285119: SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery
Japan Vulnerability Notes
🚨 CVE-2026-5730
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.
This issue affects Ontime: through 04052026.
🎖@cveNotify
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.
This issue affects Ontime: through 04052026.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-5799
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.
This issue affects Ontime: through 04052026.
🎖@cveNotify
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.
This issue affects Ontime: through 04052026.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-8306
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Stored XSS.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Stored XSS.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-8309
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Reflected XSS.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Reflected XSS.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-8377
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects Access Control System (GKS): before Version 2.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.
🎖@cveNotify
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.
🎖@cveNotify
GitHub
pieeprom-2026-05-26: 2712: Make Pi 5 use the correct entropy source for kaslr-seed and rng-seed (latest) by timg236 · Pull Request…
Make Pi 5 use the correct entropy source
The kernel looks to Device Tree for the rng-seed and kaslr-seed values as sources of entropy. On Pi 5 the bootsys code enables the HWRNG, but for historical...
The kernel looks to Device Tree for the rng-seed and kaslr-seed values as sources of entropy. On Pi 5 the bootsys code enables the HWRNG, but for historical...
🚨 CVE-2026-58384
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
🎖@cveNotify
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
🎖@cveNotify
🚨 CVE-2026-11610
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server
(389-ds-base). After a successful SASL bind with integrity protection (SSF > 0),
an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet
that is copied into a 512-byte heap receive buffer without a bounds check in
sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of
attacker-controlled data to overflow the buffer, causing a denial of service (server
crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with
a valid Kerberos ticket, any enrolled host, or any service account can trigger this
vulnerability over the network after authenticating via GSSAPI.
The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and
was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow
in schema.c only.
🎖@cveNotify
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server
(389-ds-base). After a successful SASL bind with integrity protection (SSF > 0),
an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet
that is copied into a 512-byte heap receive buffer without a bounds check in
sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of
attacker-controlled data to overflow the buffer, causing a denial of service (server
crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with
a valid Kerberos ticket, any enrolled host, or any service account can trigger this
vulnerability over the network after authenticating via GSSAPI.
The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and
was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow
in schema.c only.
🎖@cveNotify
🚨 CVE-2026-14474
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
🎖@cveNotify
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
🎖@cveNotify
🚨 CVE-2026-14476
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass.
🎖@cveNotify
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass.
🎖@cveNotify
🚨 CVE-2026-14867
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.
Active Directory accounts are not affected by this vulnerability.
🎖@cveNotify
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.
Active Directory accounts are not affected by this vulnerability.
🎖@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
🚨 CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.
🎖@cveNotify
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.
🎖@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
🚨 CVE-2026-48828
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based `should_hide_value_for_key` check (which triggers on secret-suffixed key names like `*_password` / `*_token` / `*_secret`) could not fire for JSON-decodable variable values. An authenticated UI/API user with bulk Variable read permission could retrieve plaintext values from JSON variables whose key would otherwise trigger redaction. Affects deployments that store sensitive values in JSON-typed Airflow Variables under secret-suffixed key names. Users are advised to upgrade to `apache-airflow` 3.3.0 or later (the fix landed on `main` after 3.2.2; no 3.2.x backport).
🎖@cveNotify
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based `should_hide_value_for_key` check (which triggers on secret-suffixed key names like `*_password` / `*_token` / `*_secret`) could not fire for JSON-decodable variable values. An authenticated UI/API user with bulk Variable read permission could retrieve plaintext values from JSON variables whose key would otherwise trigger redaction. Affects deployments that store sensitive values in JSON-typed Airflow Variables under secret-suffixed key names. Users are advised to upgrade to `apache-airflow` 3.3.0 or later (the fix landed on `main` after 3.2.2; no 3.2.x backport).
🎖@cveNotify
GitHub
Fix the miss redact in variable Json value by shubhamraj-git · Pull Request #67495 · apache/airflow
When a Variable's key matches the sensitive-key heuristic (e.g. db_password), its value is correctly masked when stored as a plain string but if the value is valid JSON, the redact() call i...