Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-9278

Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of ...

Unknown Form Builder CP CVE
HIGH 7.5 CVE-2026-9863

Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installation...

Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0 CVE
CRITICAL 9.8 CVE-2026-9862

Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker ...

Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0 CVE
MEDIUM 5.3 CVE-2026-9595

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR W...

webpack-dev-server webpack-dev-server CVE
MEDIUM 6.5 CVE-2026-8683

Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions

Mattermost Mattermost CVE
MEDIUM 5.3 CVE-2026-5038

multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malf...

multer multer 2.0.0-alpha.1 CVE
MEDIUM 4.8 CVE-2026-10634

Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback

Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAF...

zephyrproject zephyr 2.5.0 CVE
MEDIUM 6.5 CVE-2025-15659

WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Elizaibots

liseperu Elizaibots n/a CVE
MEDIUM 5.9 CVE-2025-15658

WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting (XSS) in WP Emmet

rewish WP Emmet n/a CVE
HIGH 7.5 THN:0C053FA1B9E...

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files_THN:0C053FA1B9E28CFF8B119BFB93E9A94A

N/A N/A THN