Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-11387

SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation...

cozyvision1 SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery 3.9.5 CVE
CRITICAL 9.5 CVE-2026-10539

Unauthenticated command injection in Control-M/Server communication command

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may all...

BMC Control-M/Server 9.0.21.300 CVE
CRITICAL 9.8 CVE-2026-7840

UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_r...

uvnc UltraVNC 1.8.2.2 CVE
CRITICAL 9.1 CVE-2026-7839

UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, ...

uvnc UltraVNC CVE
CRITICAL 9.1 CVE-2026-6070

WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This ...

cmsjunkie WP-BusinessDirectory – Business directory plugin for WordPress CVE
CRITICAL 9.8 0226128F-57F7-

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity_0226128F-57F7-53B0-8163-83E88DDAC4C6

Incident Response Report: TeamCity Compromise CVE-2024-27198 Analyst: Belal Abdelsalam Date: July 2026 Lab/Environment: CyberDefenders JetBrains --...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.4 CVE-2026-53488

containerd CRI plugin: image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from ...

containerd containerd < 1.7.33 CVE
CRITICAL 9.8 CVE-2026-58449

txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...

neuml txtai CVE
CRITICAL 9.3 CVE-2026-50003

OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, ...

OFFIS DICOM DCMTK Toolkit CVE
CRITICAL 9.3 CVE-2026-56700

Grav – Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\...

Grav Grav CVE