Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-9563

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of chara...

Eclipse Foundation Eclipse Parsson 1.0.0 CVE
HIGH 8.1 CVE-2026-8147

Authorization Bypass in mlflow/mlflow

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This al...

mlflow mlflow/mlflow unspecified CVE
HIGH 7.2 CVE-2026-9834

WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versi...

databasebackup WP Database Backup – Unlimited Database & Files Backup by Backup for WP CVE
MEDIUM 5.3 CVE-2026-9188

Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all ...

wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment CVE
MEDIUM 6.5 CVE-2026-9145

Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() funct...

crmperks Database for Contact Form 7, WPforms, Elementor forms CVE
MEDIUM 4.3 CVE-2026-8482

Information leak in NSRPC client history

A vulnerability was discovered in StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), 5.0.0 to 5.0.5 (included) ...

Stormshield Stormshield Network Security 4.3.0 CVE
HIGH 7.5 CVE-2026-8441

WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action...

https://wpreviewslider.com/ WP Review Slider Pro CVE
HIGH 8.2 CVE-2026-14336

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith('https://ci.eclipse.org') in is_issuer_known, p...

Eclipse Foundation Eclipse CSI - PIA CVE
MEDIUM 6.5 CVE-2026-14029

Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter ...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
MEDIUM 5.3 CVE-2026-13459

JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3...

jetmonsters JetFormBuilder — Dynamic Blocks Form Builder CVE