Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-47103

Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

Python StateMachine versions 3.0.0 before 3.2.0 contain a remote code execution vulnerability that allows attackers to execute arbitrary code by s...

fgmacedo python-statemachine 3.0.0 CVE
CRITICAL 9.1 CVE-2026-50203

Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names

A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP se...

Apache Software Foundation Apache Airflow SFTP provider CVE
CRITICAL 9.6 CVE-2026-12440

CVE-2026-12440

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox...

Google Chrome 149.0.7827.155 CVE
CRITICAL 9.3 CVE-2026-54819

WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injecti...

Webilia Inc. Listdom n/a CVE
CRITICAL 9.3 CVE-2026-54815

WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooComme...

Cargo RD Cargo Shipping Location for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2026-54809

WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection....

VillaTheme GIFT4U n/a CVE
CRITICAL 9.3 CVE-2026-54808

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows B...

WP Travel WP Travel Gutenberg Blocks n/a CVE
CRITICAL 9.8 CVE-2026-49108

WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

park_of_ideas Moderno n/a CVE
CRITICAL 9.8 CVE-2025-60231

WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a...

EMV The Hospital n/a CVE
CRITICAL 9.8 CVE-2025-69127

WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing

ThemeREX Plumbing n/a CVE