Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 AE6219F6-F23B-

Exploit for CVE-2026-48907_AE6219F6-F23B-5FB3-886B-AFFE2FBDB4B1

CVE-2026-48907 CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.6 CVE-2026-55743

OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution_CVE-2026-55743

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypass...

tinyhumansai OpenHuman CVE
CRITICAL 9.3 CVE-2026-54812

WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability_CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Inject...

StylemixThemes Motors n/a CVE
CRITICAL 9.3 CVE-2026-47103

Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection_CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by s...

fgmacedo python-statemachine 3.0.0 CVE
CRITICAL 9.1 CVE-2026-50203

Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names_CVE-2026-50203

A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP se...

Apache Software Foundation Apache Airflow SFTP provider CVE
CRITICAL 9.6 CVE-2026-12440

CVE-2026-12440_CVE-2026-12440

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox...

Google Chrome 149.0.7827.155 CVE
CRITICAL 9.3 CVE-2026-54819

WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability_CVE-2026-54819

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injecti...

Webilia Inc. Listdom n/a CVE
CRITICAL 9.3 CVE-2026-54815

WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability_CVE-2026-54815

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooComme...

Cargo RD Cargo Shipping Location for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2026-54809

WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability_CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection....

VillaTheme GIFT4U n/a CVE
CRITICAL 9.3 CVE-2026-54808

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability_CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows B...

WP Travel WP Travel Gutenberg Blocks n/a CVE