Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-12902

Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, an...

stellarwp Kadence Blocks — Page Builder Toolkit for Gutenberg Editor CVE
MEDIUM 6.4 CVE-2026-12135

FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute...

foliovision FV Flowplayer Video Player CVE
MEDIUM 4.3 CVE-2026-12133

JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group D...

beardev JoomSport – for Sports: Team & League, Football, Hockey & more CVE
MEDIUM 5.3 CVE-2026-12127

WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutra...

smub WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More CVE
MEDIUM 4.3 CVE-2026-12113

Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 ...

codepeople Appointment Booking Calendar CVE
HIGH 8.8 THN:FE09861FDCE...

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service_THN:FE09861FDCE8BC6B6F921CB252CBE830

N/A N/A THN
NONE 1982C445-A0DC-

sftp-poc-monorepo_1982C445-A0DC-5AFB-83E3-957529DA1061

SFTP POC This repo now includes a complete local SFTP proof of concept: - sftp-server-go/ — Go SFTP server - scripts/poc-upload.sh — OpenSSH client...

N/A N/A GITHUBEXPLOIT
MEDIUM 4.8 CVE-2026-14154

CVE-2026-14154

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious ex...

Google Chrome 150.0.7871.47 CVE
MEDIUM 5.3 CVE-2026-14153

CVE-2026-14153

Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific U...

Google Chrome 150.0.7871.47 CVE
MEDIUM 4.2 CVE-2026-14144

CVE-2026-14144

Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gest...

Google Chrome 150.0.7871.47 CVE