Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-12576

DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability_CVE-2026-12576

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12575

DVP80ES3 Improper Resource Shutdown or Release Vulnerability_CVE-2026-12575

DVP80ES3 with  Improper Resource Shutdown or Release vulnerability.

deltaww DVP80ES3 CVE
MEDIUM 4.3 CVE-2026-12435

Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter_CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and incl...

stylemix Motors – Car Dealership & Classified Listings Plugin CVE
MEDIUM 4.3 CVE-2026-12408

Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter_CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all ver...

rilwis Slim SEO – A Fast & Automated SEO Plugin For WordPress CVE
HIGH 8.8 CVE-2026-12224

Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint_CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including...

wedevs Dokan Pro CVE
HIGH 8.8 CVE-2026-12158

RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter_CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and ...

metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login 6.0.9.1 CVE
CRITICAL 9.8 CVE-2026-11387

SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset_CVE-2026-11387

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation...

cozyvision1 SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery 3.9.5 CVE
MEDIUM 5.6 CVE-2026-10540

Weak password hash protection in Control-M/Entreprise Manager_CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attac...

BMC Control-M/Enterprise Manager 9.0.21 CVE
CRITICAL 9.5 CVE-2026-10539

Unauthenticated command injection in Control-M/Server communication command_CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may all...

BMC Control-M/Server 9.0.21.300 CVE
HIGH 8.9 CVE-2026-10538

Improper deserialization handling in Control-M Components_CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out o...

BMC Control-M/Enterprise Manager 9.0.21 CVE