Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-5136

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation_CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. Thi...

Red Hat Red Hat Satellite 6 CVE
HIGH 8.8 THN:45DBF678A05...

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android_THN:45DBF678A05E043F3FDBB5FE129695AB

N/A N/A THN
HIGH 8.1 E4BC4653-1B76-

harfbuzz-stch-oob-write_E4BC4653-1B76-59F0-83C7-DDDABD36A472

HarfBuzz applystch — Integer Overflow → Heap OOB Write. Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 D7683152-09DF-

Exploit for Cross-Site Request Forgery (CSRF) in Apple Safari_D7683152-09DF-5A98-A55B-3490F8CFF60E

CVE-2026-43735 WebKit cross-domain information leakage. Safari = 26.5.2: PATCHED NavigateEvent.sourceElement is null...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-20458

CVE-2026-20458_CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has conne...

MediaTek, Inc. MediaTek chipset MT2716 CVE
HIGH 7.2 CVE-2026-11883

WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass_CVE-2026-11883

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing ...

Unknown WebAuthn Provider for Two Factor CVE
HIGH 8.1 CVE-2026-11794

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping_CVE-2026-11794

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it crea...

Unknown Advanced Form Integration — Connect Forms to 200+ Apps CVE
HIGH 7.5 CVE-2026-11568

Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data_CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning Woo...

Unknown Product Configurator for WooCommerce CVE
HIGH 8.1 CVE-2026-10750

Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools_CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...

Unknown Royal MCP CVE
HIGH 8.8 CVE-2026-13228

LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter_CVE-2026-13228

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE