Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-54831

WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability_CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory

Paolo GeoDirectory n/a CVE
CRITICAL 9.3 CVE-2026-54827

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability_CVE-2026-54827

Unauthenticated SQL Injection in Real Estate 7

contempoinc Real Estate 7 3.5.9 CVE
CRITICAL 9.3 CVE-2026-54825

WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability_CVE-2026-54825

Unauthenticated SQL Injection in wpDataTables

wpDataTables wpDataTables n/a CVE
CRITICAL 9.3 CVE-2026-54820

WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability_CVE-2026-54820

Unauthenticated SQL Injection in JetBooking

Crocoblock. Jetimpex Inc. JetBooking n/a CVE
CRITICAL 9 CVE-2026-54636

Dokku: OS Command Injection via app.json managed Cron_CVE-2026-54636

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku ...

dokku dokku < 0.38.7 CVE
CRITICAL 9 CVE-2026-45408

Dokku: OS Command Injection via App Name in Git Pre-Receive Hook_CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authent...

dokku dokku < 0.38.2 CVE
CRITICAL 9 CVE-2026-45406

Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval_CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository dir...

dokku dokku < 0.38.2 CVE
CRITICAL 9 CVE-2026-45405

Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add_CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary ...

dokku dokku < 0.38.2 CVE
CRITICAL 9.3 THN:051D862466E...

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue_THN:051D862466EBE7A5DE6BB7DD92EA2EA6

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzGOpsiL9b-uwhocEgzazTFR251KJL6pnZAVCmzty7Nx0uR-vZ9r2-WP95IrRaKJtFoUxmBFbqrkt31Yn2MT...

N/A N/A THN
CRITICAL 9.8 712DBDD2-D55C-

Exploit for CVE-2026-54807_712DBDD2-D55C-55CD-96E6-3E6BD0518E8D

CVE-2026-54807 CVE-2026-54807 WooCommerce Privilege Escalation ║ ║ Unauthenticated Admin Role Assignment via Reg. Form PRİV8 TOOLS AND EXPLOİT CANA...

N/A N/A GITHUBEXPLOIT