Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-5667

Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances_CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for R...

Mitsubishi Electric Corporation Room Air Conditioners (for Japan) MSZ-BKR2223-W 42.00 and prior CVE
HIGH 8.8 CVE-2026-54805

WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability_CVE-2026-54805

Subscriber Privilege Escalation in Falang multilanguage

sbouey Falang multilanguage n/a CVE
HIGH 7.6 CVE-2026-54804

WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability_CVE-2026-54804

Subscriber Broken Authentication in Melhor Envio

melhorenvio Melhor Envio n/a CVE
HIGH 7.5 CVE-2026-54802

WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability_CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications

Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications n/a CVE
HIGH 7.1 CVE-2026-54195

WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54195

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder

Jetmonsters JetFormBuilder n/a CVE
HIGH 7.1 CVE-2026-54192

WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-54192

Unauthenticated Cross Site Scripting (XSS) in Popup box

Ays Pro Popup box n/a CVE
HIGH 7.1 CVE-2026-54189

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54189

Unauthenticated Cross Site Scripting (XSS) in JetEngine

Jetimpex Inc. JetEngine n/a CVE
HIGH 7.1 CVE-2026-54188

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54188

Unauthenticated Cross Site Scripting (XSS) in JetEngine

Jetimpex Inc. JetEngine n/a CVE
HIGH 8.5 CVE-2026-54185

WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability_CVE-2026-54185

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

THEMECO Cornerstone n/a CVE
HIGH 8.2 CVE-2026-54184

WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-54184

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login

Alberto Hornero Clean Login n/a CVE