Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-57313

WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in SureCart

SureCart SureCart n/a CVE
MEDIUM 5.8 CVE-2026-56066

WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images

ShortPixel ShortPixel Adaptive Images n/a CVE
MEDIUM 6.5 CVE-2026-56048

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce

tychesoftwares Payment Gateway Based Fees and Discounts for WooCommerce n/a CVE
MEDIUM 6.5 CVE-2026-56046

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ListingPro

CridioStudio ListingPro n/a CVE
MEDIUM 6.4 CVE-2026-56026

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery (SSRF) in utm.codes

Chris Carlevato utm.codes n/a CVE
MEDIUM 6.5 CVE-2026-52701

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration

Themegrill User Registration n/a CVE
MEDIUM 6.5 CVE-2026-4339

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
MEDIUM 5.5 CVE-2026-45256

Missing permission check in thr_kill2(2)

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not ...

FreeBSD FreeBSD 15.0-RELEASE CVE
MEDIUM 6.5 CVE-2026-30040

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code in the context of the...

n/a n/a n/a CVE
MEDIUM 5.3 CVE-2026-24547

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing

SiteGround SiteGround Email Marketing n/a CVE