Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-54831

WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability_CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory

Paolo GeoDirectory n/a CVE
CRITICAL 9.3 CVE-2026-54827

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability_CVE-2026-54827

Unauthenticated SQL Injection in Real Estate 7

contempoinc Real Estate 7 3.5.9 CVE
HIGH 7.6 CVE-2026-54826

WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-54826

Subscriber Insecure Direct Object References (IDOR) in SupportCandy

PSM Plugins SupportCandy n/a CVE
CRITICAL 9.3 CVE-2026-54825

WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability_CVE-2026-54825

Unauthenticated SQL Injection in wpDataTables

wpDataTables wpDataTables n/a CVE
HIGH 7.5 CVE-2026-54824

WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability_CVE-2026-54824

Unauthenticated Sensitive Data Exposure in Ads by WPQuads

Ads WPQuads Ads by WPQuads n/a CVE
CRITICAL 9.3 CVE-2026-54820

WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability_CVE-2026-54820

Unauthenticated SQL Injection in JetBooking

Crocoblock. Jetimpex Inc. JetBooking n/a CVE
MEDIUM 6.5 CVE-2026-52701

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability_CVE-2026-52701

Unauthenticated Broken Access Control in User Registration

Themegrill User Registration n/a CVE
MEDIUM 6.5 CVE-2026-4339

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
HIGH 7.8 CVE-2026-45257

Arbitrary file overwrite via the KTLS receive path_CVE-2026-45257

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assump...

FreeBSD FreeBSD 15.0-RELEASE CVE
MEDIUM 5.5 CVE-2026-45256

Missing permission check in thr_kill2(2)_CVE-2026-45256

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not ...

FreeBSD FreeBSD 15.0-RELEASE CVE