Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2025-69094

WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability_CVE-2025-69094

Subscriber SQL Injection in Unicamp

ThemeMove Unicamp n/a CVE
MEDIUM 5.3 CVE-2025-66076

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability_CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library

dylan ngo Woostify Sites Library n/a CVE
HIGH 8.1 CVE-2025-58902

WordPress Lighthouse theme <= 1.2.12 - Local File Inclusion vulnerability_CVE-2025-58902

Unauthenticated Local File Inclusion in Lighthouse

AncoraThemes Lighthouse n/a CVE
NONE 5F8E44F7-5CCC-

Privilege-Escalation-Writeups_5F8E44F7-5CCC-5631-80C2-269F3AAEA6E7

Privilege Escalation A curated collection of Linux and Windows privilege escalation techniques, methodologies, and practical write-ups for penetrat...

N/A N/A GITHUBEXPLOIT
NONE SECURELIST:EFBE...

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects_SECURELIST:EFBEB214C8EF3CBBF2A7335775C7EDB0

The followin...

N/A N/A SECURELIST
CRITICAL 9.8 2CD27041-974C-

Exploit for Eval Injection in Langflow_2CD27041-974C-51E2-A9B6-B17AEB644C15

CVE-2026-33017 - Langflow Unauthenticated RCE ⚠️ DISCLAIMER: This repository is for authorized security testing and educational purposes only. Use ...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 CVE-2026-9563

CVE-2026-9563_CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of chara...

Eclipse Foundation Eclipse Parsson 1.0.0 CVE
HIGH 8.1 CVE-2026-8147

Authorization Bypass in mlflow/mlflow_CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This al...

mlflow mlflow/mlflow unspecified CVE
HIGH 7.2 CVE-2026-9834

WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter_CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versi...

databasebackup WP Database Backup – Unlimited Database & Files Backup by Backup for WP CVE
MEDIUM 5.3 CVE-2026-9188

Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter_CVE-2026-9188

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all ...

wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment CVE