Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.7 CVE-2026-20463

CVE-2026-20463_CVE-2026-20463

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MediaTek chipset MT2716 CVE
MEDIUM 6.7 CVE-2026-20462

CVE-2026-20462_CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MediaTek chipset MT6739 CVE
MEDIUM 5.9 CVE-2026-20461

CVE-2026-20461_CVE-2026-20461

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected...

MediaTek, Inc. MediaTek chipset MT2737 CVE
MEDIUM 5.9 CVE-2026-20460

CVE-2026-20460_CVE-2026-20460

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE ha...

MediaTek, Inc. MediaTek chipset MT2735 CVE
MEDIUM 5.9 CVE-2026-20459

CVE-2026-20459_CVE-2026-20459

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to ...

MediaTek, Inc. MediaTek chipset MT2716 CVE
MEDIUM 4.3 CVE-2026-11887

Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass_CVE-2026-11887

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authe...

Unknown Salon Booking System CVE
MEDIUM 4.2 CVE-2026-11570

User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name_CVE-2026-11570

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display te...

Unknown User Submitted Posts CVE
MEDIUM 4.3 CVE-2026-11562

WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update_CVE-2026-11562

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated use...

Unknown WS Form LITE CVE
MEDIUM 6.5 CVE-2026-14258

Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling_CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a ze...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.4 CVE-2026-10095

WP Photo Album Plus <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'subtext' Shortcode Attribute_CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and in...

opajaap WP Photo Album Plus CVE