Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2025-15642

Netskope Client Service Insufficient Access Controls_CVE-2025-15642

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with admin privileges can lead to ...

Netskope Netskope Client CVE
MEDIUM 6.8 CVE-2025-15641

Netskope Client Exposed IOCTL with Insufficient Access Controls_CVE-2025-15641

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can...

Netskope Netskope Client CVE
CRITICAL 9.9 CVE-2026-46765

CVE-2026-46765_CVE-2026-46765

Published: 2026-06-16T19:27:13.188Z

Oracle Corporation Oracle WebCenter Portal 12.2.1.4.0 CVE
CRITICAL 9.8 CVE-2026-54194

WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability_CVE-2026-54194

Contributor PHP Object Injection in Fusion Builder

ThemeFusion Fusion Builder n/a CVE
HIGH 8.5 CVE-2026-49113

WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability_CVE-2026-49113

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

THEMECO Cornerstone n/a CVE
CRITICAL 9.3 CVE-2026-49080

WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability_CVE-2026-49080

Unauthenticated SQL Injection in wpDataTables

TMS wpDataTables n/a CVE
HIGH 8.5 CVE-2026-49073

WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability_CVE-2026-49073

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL In...

wpWax Directorist Booking n/a CVE
HIGH 7.5 CVE-2026-49057

WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability_CVE-2026-49057

Unauthenticated Broken Access Control in JobSearch

EyeCix Technologies JobSearch n/a CVE
HIGH 7.1 CVE-2026-48869

WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-48869

Unauthenticated Cross Site Scripting (XSS) in Enfold

Kriesi Enfold n/a CVE
MEDIUM 4.8 CVE-2026-48783

Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription_CVE-2026-48783

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and appli...

gitroomhq postiz-app < 2.21.8 CVE