MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated...
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. Thi...
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4BJdHYquuxXoz8n0LhMEmm9KPcWcMC57w4LnqbMNCPXMAFdS95ys3zE6F5jZOvSKwsVWp6t3z8pVImRJ3Nv...
HarfBuzz applystch — Integer Overflow → Heap OOB Write Crash harness, trigger font, and browser PoC for the integer overflow in HarfBuzz's applystc...
CVE-2026-43735 WebKit cross-domain information leakage. Safari = 26.5.2: PATCHED NavigateEvent.sourceElement is null...
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has conne...
The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing ...
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it crea...
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning Woo...
The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.