Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-10750

Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools_CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...

Unknown Royal MCP CVE
HIGH 8.8 CVE-2026-13228

LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter_CVE-2026-13228

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE
HIGH 7.2 CVE-2026-12142

NEX-Forms <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting via '_name[]' Array Parameter_CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via '_name[]' Array Parameter...

webaways NEX-Forms – Ultimate Forms Plugin for WordPress CVE
HIGH 7.2 CVE-2026-50043

CVE-2026-50043_CVE-2026-50043

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulne...

Seiko Solutions Inc. SkyBridge MB-A100/MB-A110 all versions CVE
HIGH 8.7 CVE-2026-12577

DVP80ES3 Improperly Implemented Security Check for Standard vulnerability_CVE-2026-12577

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12576

DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability_CVE-2026-12576

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12575

DVP80ES3 Improper Resource Shutdown or Release Vulnerability_CVE-2026-12575

DVP80ES3 with  Improper Resource Shutdown or Release vulnerability.

deltaww DVP80ES3 CVE
HIGH 8.8 CVE-2026-12224

Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint_CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including...

wedevs Dokan Pro CVE
HIGH 8.8 CVE-2026-12158

RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter_CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and ...

metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login 6.0.9.1 CVE
HIGH 8.9 CVE-2026-10538

Improper deserialization handling in Control-M Components_CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out o...

BMC Control-M/Enterprise Manager 9.0.21 CVE