Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-12472

Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) via 'emailBody' and 'emailSubject' Parameters_CVE-2026-12472

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, a...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer CVE
MEDIUM 4.3 CVE-2026-12134

JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action_CVE-2026-12134

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to...

beardev JoomSport – for Sports: Team & League, Football, Hockey & more CVE
MEDIUM 5.3 CVE-2026-12122

Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure via kirki_post_apis_nopriv AJAX Action_CVE-2026-12122

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all version...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer CVE
MEDIUM 5.3 CVE-2026-11896

My Calendar <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'vcal' Parameter_CVE-2026-11896

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includ...

joedolson My Calendar – Accessible Event Manager CVE
MEDIUM 4.4 CVE-2026-10104

Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter_CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom_thumbnail Parameter in all v...

nikhilgadhiya Product Video Gallery for Woocommerce CVE
NONE 81CC3931-A102-

sec-poc_81CC3931-A102-53DE-8AD8-B340E00AFF22

sec-poc...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 34CCFAD0-8C43-

Exploit for CVE-2021-27877_34CCFAD0-8C43-5B1F-B129-EC944F9BD546

CVE-2021-27877 Proof of Concept This repository contains a modified version of the original Rapid7 Metasploit module for CVE-2021-27877 affecting t...

N/A N/A GITHUBEXPLOIT
NONE D21BCA5D-CD24-

blindSQLi_D21BCA5D-CD24-5D1A-BDA7-AFFB29C63D11

blindSQLi A python based blind SQL injection exploitation script This script can be adapted to any SQL injectable url by simply changing the url in...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 THN:545A87363DE...

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack_THN:545A87363DEA6B47B61F5465E5995230

N/A N/A THN
NONE 2F37FB50-1C17-

Poc_2F37FB50-1C17-5CF9-B22D-FCF5E9C8EBC5

No description provided...

N/A N/A GITHUBEXPLOIT