Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-4772

Stored XSS in TR7’s WAF-ASP_CVE-2026-4772

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Store...

TR7 Cyber ​​Defense Inc. WAF-ASP v1.0.324.900 CVE
MEDIUM 4.6 CVE-2026-4770

DOM-Based XSS in TR7’s WAF-ASP_CVE-2026-4770

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Fire...

TR7 Cyber ​​Defense Inc. WAF-ASP v1.0.42.239 CVE
CRITICAL 9.8 CVE-2026-4767

Improper Access Control in TR7’s WAF-ASP_CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF...

TR7 Cyber ​​Defense Inc. WAF-ASP v1.0.324.900 CVE
MEDIUM 5.1 CVE-2026-54431

Improper Data Validation in liboauth2_CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. R...

OpenIDC liboauth2 CVE
MEDIUM 5.1 CVE-2026-54430

Server-Site Request Forgery in liboauth2_CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and k...

OpenIDC liboauth2 CVE
HIGH 8.8 CVE-2026-57766

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57766

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor

XplodedThemes WPIDE – File Manager & Code Editor n/a CVE
HIGH 8.5 CVE-2026-57765

WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability_CVE-2026-57765

Contributor SQL Injection in WP EasyCart

Levelfourdevelopment WP EasyCart n/a CVE
MEDIUM 6.5 CVE-2026-57764

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57764

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode

Surbma Surbma | Yoast SEO Breadcrumb Shortcode n/a CVE
MEDIUM 6.5 CVE-2026-57763

WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57763

Contributor Cross Site Scripting (XSS) in Structured Content

Gordon Böhme Structured Content n/a CVE
MEDIUM 5.9 CVE-2026-57762

WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57762

Author Cross Site Scripting (XSS) in Simple URLs

Andrew Fiebert Simple URLs n/a CVE