Recent Advisories

| Severity | ID | Title | Summary | Vendor | Product | Date | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| HIGH 7.4 | CVE-2026-7830 | UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception | UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffi... | uvnc | UltraVNC | | CVE |
| HIGH 7.2 | CVE-2026-7829 | UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token | UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:2... | uvnc | UltraVNC | | CVE |
| HIGH 7.2 | CVE-2026-7517 | Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter | The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' par... | dhruvin | Custom Payment Gateways for WooCommerce | | CVE |
| HIGH 7.2 | CVE-2026-13731 | WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter | The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'co... | quantumcloud | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | | CVE |
| HIGH 7.5 | CVE-2026-13468 | Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint | The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up t... | themeisle | Visualizer – Tables & Charts Manager with Built-in AI Generator | | CVE |
| HIGH 7.5 | CVE-2026-12923 | Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter | The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficie... | emarket-design | Video Gallery – YouTube Gallery, Playlist & Video Grid | | CVE |
| HIGH 8.8 | THN:FE09861FDCE8BC6B6F921CB252CBE830 | Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service | | N/A | N/A | | THN |
| HIGH 7.8 | CVE-2026-14191 | WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader | An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecI... | RARLAB | WinRAR | | CVE |
| HIGH 7.8 | 296ACC10-E41B-5DEC-9F18-8C94AA58D927 | Exploit for CVE-2026-46331 | CVE-2026-46331 pedit COW – Linux net/sched Packet-Editor Page-Cache Poisoning Vulnerability Executive Summary CVE-2026-46331 nicknamed “pedit COW” ... | N/A | N/A | | GITHUBEXPLOIT |
| HIGH 8.7 | 6B3CE709-96E1-5BCB-A0D3-411B7678B06A | Exploit for CVE-2026-55488 | CVE-2026-55488 Join/Visit https://t.me/thecodeb0ss to get this PoC... | N/A | N/A | | GITHUBEXPLOIT |