Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.4 CVE-2026-12114

Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter_CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all...

wpmart Team Members – Multi Language Supported Team Plugin CVE
MEDIUM 4.3 CVE-2026-8944

Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter_CVE-2026-8944

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and includin...

engagementanalytics Plugin for Google Analytics by IO technologies CVE
MEDIUM 4.4 CVE-2026-12560

Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field_CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all...

wpqode Editorial Rating – Product Review & Rating System CVE
HIGH 7.5 CVE-2026-12243

Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()_CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in ...

nltk nltk/nltk unspecified CVE
HIGH 8.4 CVE-2026-58302

CVE-2026-58302_CVE-2026-58302

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via d...

LinuxCNC LinuxCNC CVE
MEDIUM 6.2 CVE-2026-10648

NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion_CVE-2026-10648

mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before che...

zephyrproject zephyr 4.4.0 CVE
HIGH 7.5 CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth_CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs...

GTERMARS JavaScript::Minifier::XS CVE
HIGH 7.5 CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash_CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slas...

GTERMARS JavaScript::Minifier::XS CVE
MEDIUM 6.5 CVE-2026-43746

CVE-2026-43746_CVE-2026-43746

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tah...

Apple Safari CVE
MEDIUM 6.5 CVE-2026-43745

CVE-2026-43745_CVE-2026-43745

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macO...

Apple Safari CVE