Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-53902

Privilege Escalation in MCO_CVE-2026-53902

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated...

MyComplianceOffice MCO 25.3.3.1 CVE
HIGH 8.8 CVE-2026-5136

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation_CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. Thi...

Red Hat Red Hat Satellite 6 CVE
HIGH 8.8 THN:45DBF678A05...

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android_THN:45DBF678A05E043F3FDBB5FE129695AB

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4BJdHYquuxXoz8n0LhMEmm9KPcWcMC57w4LnqbMNCPXMAFdS95ys3zE6F5jZOvSKwsVWp6t3z8pVImRJ3Nv...

N/A N/A THN
HIGH 8.1 E4BC4653-1B76-

harfbuzz-stch-oob-write_E4BC4653-1B76-59F0-83C7-DDDABD36A472

HarfBuzz applystch — Integer Overflow → Heap OOB Write Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...

N/A N/A GITHUBEXPLOIT
HIGH 8.1 D7683152-09DF-

Exploit for Cross-Site Request Forgery (CSRF) in Apple Safari_D7683152-09DF-5A98-A55B-3490F8CFF60E

CVE-2026-43735 WebKit cross-domain information leakage. Safari = 26.5.2: PATCHED NavigateEvent.sourceElement is null...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-20458

CVE-2026-20458_CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has conne...

MediaTek, Inc. MediaTek chipset MT2716 CVE
HIGH 7.2 CVE-2026-11883

WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass_CVE-2026-11883

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing ...

Unknown WebAuthn Provider for Two Factor CVE
HIGH 8.1 CVE-2026-11794

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping_CVE-2026-11794

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it crea...

Unknown Advanced Form Integration — Connect Forms to 200+ Apps CVE
HIGH 7.5 CVE-2026-11568

Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data_CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning Woo...

Unknown Product Configurator for WooCommerce CVE
HIGH 8.1 CVE-2026-10750

Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools_CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...

Unknown Royal MCP CVE