Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-40720

WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40720

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Royal Elementor Addons Royal Elementor Addons Pro n/a CVE
HIGH 8.1 CVE-2026-39590

WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability_CVE-2026-39590

Unauthenticated Local File Inclusion in Atomlab

ThemeMove Atomlab n/a CVE
HIGH 8.1 CVE-2026-39576

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability_CVE-2026-39576

Unauthenticated PHP Object Injection in SingleMalt

Elated-Themes SingleMalt n/a CVE
HIGH 8.1 CVE-2026-39560

WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability_CVE-2026-39560

Unauthenticated PHP Object Injection in Hiroshi

Select-Themes Hiroshi n/a CVE
HIGH 8.1 CVE-2026-39559

WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability_CVE-2026-39559

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

codesupplyco Uppercase n/a CVE
HIGH 8.1 CVE-2026-39556

WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability_CVE-2026-39556

Unauthenticated PHP Object Injection in Konsept

Elated-Themes Konsept n/a CVE
HIGH 8.1 CVE-2026-39523

WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability_CVE-2026-39523

Unauthenticated Local File Inclusion in Solene Core

Elated-Themes Solene Core n/a CVE
HIGH 8.1 CVE-2026-39445

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability_CVE-2026-39445

Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

PressLayouts Alukas n/a CVE
HIGH 8.1 CVE-2026-39442

WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability_CVE-2026-39442

Unauthenticated PHP Object Injection in PressMart

PressLayouts PressMart n/a CVE
HIGH 7.1 CVE-2026-10641

Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)_CVE-2026-10641

Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write...

zephyrproject zephyr 1.7.0 CVE