Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-5524

Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter_CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and includ...

Divi Engine Divi Form Builder CVE
MEDIUM 5.3 CVE-2026-58653

PraisonAI – Authorization Bypass via Unvalidated project_id in Issue Create/Update_CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can cr...

PraisonAI PraisonAI CVE
HIGH 7.7 CVE-2026-58652

luci-app-travelmate – Arbitrary Command Execution via UCI Script Parameter_CVE-2026-58652

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL...

openwrt luci-app-travelmate 2.4.5-r3 CVE
MEDIUM 5.4 CVE-2026-4772

Stored XSS in TR7’s WAF-ASP_CVE-2026-4772

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Store...

TR7 Cyber Defense Inc. WAF-ASP v1.0.324.900 CVE
MEDIUM 4.6 CVE-2026-4770

DOM-Based XSS in TR7’s WAF-ASP_CVE-2026-4770

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Fire...

TR7 Cyber Defense Inc. WAF-ASP v1.0.42.239 CVE
CRITICAL 9.8 CVE-2026-4767

Improper Access Control in TR7’s WAF-ASP_CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF...

TR7 Cyber Defense Inc. WAF-ASP v1.0.324.900 CVE
NONE THN:425C8F77D2E...

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API_THN:425C8F77D2E775E794A788739D4B6222

N/A N/A THN
NONE SCHNEIER:E75959...

Cybersecurity Mission Creep in the US_SCHNEIER:E759596C7E656DDAABCCFE50B4F0D1BE

Interesting paper: "Cybersecurity Mission Creep." > **Abstract:** Cybersecurity is experiencing mission creep. Policymakers are casting more and m...

N/A N/A SCHNEIER
NONE HACKREAD:E56D6B...

Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation_HACKREAD:E56D6B8E8719F548D5BBEDBAE6A485A9

A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in...

N/A N/A HACKREAD
NONE THN:952025EBFDC...

Identity Lifecycle Management Wasn’t Built for AI Agents _THN:952025EBFDC8E034F24F24D839ADBC97

N/A N/A THN