Tag
#Vulnerability
Critical Vulnerability in User Registration & Membership WordPress Plugin Allows Unauthorized Role Elevation
A high-severity vulnerability (CVE-2026-11963, CVSS 8.1) exists in the User Registration & Membership WordPress plugin prior to version 5.2.2. This flaw allows any authenticated user, including subscribers, to change another user's WordPress role and membership tier without proper authorization. The vulnerability has not been actively exploited but poses a significant risk due to its ease of exploitation and potential impact.
Critical Vulnerability in OpenStack Ironic: CVE-2026-54423
A critical vulnerability (CVE-2026-54423) has been discovered in OpenStack Ironic, allowing an authenticated user to send arbitrary IPMI commands to a node, bypassing access control. This vulnerability has a CVSS score of 8.2 and affects multiple versions of OpenStack Ironic. Immediate patching is recommended to prevent potential exploitation.
Critical RCE Vulnerability in Xerte Online Tools (CVE-2026-12116)
A critical vulnerability (CVE-2026-12116) with a CVSS score of 9.8 has been discovered in Xerte Online Tools, allowing for remote code execution (RCE) through manipulation of the antivirus binary path in the tools server settings. This vulnerability affects versions prior to v3.15.5 and 3.14.6. Immediate patching is recommended to prevent potential exploitation.
Critical Heap Buffer Overflow Vulnerability in X.Org xorg-server and xwayland
A critical vulnerability, CVE-2026-55999, with a CVSS score of 8.5, was discovered in X.Org's xorg-server and xwayland. Local attackers with an X connection can exploit this vulnerability to cause a heap buffer overflow via SetFont due to missing glyph boundary checks. Affected versions include xorg-server before 21.2.24 and xwayland before 24.1.13.
Understanding CVE-2026-22555: Unauthorized Repository Forking in Gitea
CVE-2026-22555 is a high-severity vulnerability in Gitea, a popular open-source Git server, that allows API users to fork a repository into an organization without proper authorization. This can lead to exposure of organization secrets. The vulnerability has a CVSS score of 8.1 and affects Gitea versions before 1.26.0.
GeoWebPlayer Vulnerability: CVE-2026-57264
A high-severity vulnerability (CVSS 8.3) exists in GeoWebPlayer, an addon for GeoVision software, allowing for out-of-bound access to arrays via a websocket server command. This could lead to arbitrary code execution. Affected versions include V1.1.1.0 on Windows and 64-bit platforms.
Apify Model Context Protocol (MCP) Server: Actor MCP Path Authority Injection Leaks Apify Token
A vulnerability in `@apify/actors-mcp-server` version `0.10.7` allows an attacker to inject a malicious `webServerMcpPath` value, causing the MCP client to exfiltrate the victim's Apify API token to the attacker's server. This is a Server-Side Request Forgery (SSRF) / URL authority injection vulnerability with a CVSS Base Score of 8.1 (High).
Rancher Vulnerable to Command Injection via Unsanitized YAML Parameter (CVE-2026-44939)
A critical command injection vulnerability (CVE-2026-44939, CVSS 9.4) has been identified in Rancher Manager's cluster import endpoint. An attacker can exploit this flaw by injecting malicious YAML configurations, potentially achieving full control over downstream Kubernetes clusters. Affected versions of Rancher must be updated to patched releases to mitigate this vulnerability.
CVE-2026-11590: WP Support Plus Responsive Ticket System SQL Injection Vulnerability
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 is vulnerable to SQL injection attacks. An unauthenticated attacker can exploit this vulnerability to perform malicious SQL queries. The vulnerability has a CVSS score of 8.6, indicating high severity.
Critical Authentication Bypass Vulnerability in Rancher GitHub Authentication Provider (CVE-2026-41053)
A critical vulnerability (CVE-2026-41053) with a CVSS score of 8.8 was discovered in the Rancher GitHub authentication provider. This vulnerability allows for incorrect authentication caching, granting principal access to any logged-in user. Affected versions include Rancher 2.13 before 2.13.6 and 2.14 before 2.14.2. Organizations are urged to upgrade to patched versions immediately to prevent potential authentication bypass attacks.
Open Memory Protocol Vulnerability Under Scrutiny
A potential vulnerability in the Open Memory Protocol, used by AI models like Claude, ChatGPT, and Curso, has been identified. Although actively exploited, the severity and impact are still being assessed. Security professionals should investigate and apply necessary mitigations.
Memory Safe Context Switching Vulnerability in Fil-C
A vulnerability in Fil-C's context switching mechanism using longjmp and setjmp has been disclosed. This issue relates to memory safety and could potentially lead to security problems if not properly addressed. The vulnerability is not currently being actively exploited. Organizations using Fil-C should review their configurations and update to patched versions if available.
Information Exposure Vulnerability in Hitachi Storage Navigator (CVE-2025-7386)
A vulnerability in Hitachi Storage Navigator, tracked as CVE-2025-7386, exposes sensitive information. This medium-severity vulnerability affects various Hitachi Virtual Storage Platform models and versions. Administrators should update to the specified versions to mitigate this vulnerability.
CVE-2026-3462: Frisbii Pay Plugin for WordPress Vulnerability
The Frisbii Pay plugin for WordPress has a vulnerability (CVE-2026-3462) that allows authenticated attackers with Subscriber-level access to modify data by uploading arbitrary CSV files. This vulnerability has a CVSS score of 6.5 and affects all versions up to 1.8.9. To mitigate, update the plugin to a patched version.
CVE-2026-2053: WSO2 API Manager WS-Addressing Header Manipulation Vulnerability
A critical vulnerability (CVE-2026-2053) in WSO2 API Manager's message flow component allows unauthenticated attackers to manipulate WS-Addressing headers, potentially leading to unauthorized access to internal network resources. The vulnerability has a CVSS score of 8.3 and is considered high severity. Affected versions include WSO2 API Manager 3.1.0 to 4.2.0. Immediate patching is recommended.
Critical IDOR Vulnerability in Langflow: CVE-2026-33760
A critical IDOR (Insecure Direct Object Reference) vulnerability, CVE-2026-33760, with a CVSS score of 8.8, was discovered in Langflow, a tool for building and deploying AI-powered agents and workflows. This vulnerability allows any authenticated user to read, modify, or permanently delete another user's data by supplying the target's resource ID or flow_id. The vulnerability is fixed in Langflow version 1.9.0. Organizations using Langflow should immediately upgrade to version 1.9.0 or later to mitigate this vulnerability.
Anthropic's Fable 5 Model Vulnerability
Anthropic's Fable 5 model, designed to be a safe version of Mythos Preview with guardrails against creating cyberattacks, was jailbroken within days of its release. This incident indicates a potential vulnerability in the model's security measures. Security professionals should assess and enhance the model's guardrails.
CVE-2026-42129: Grafana Loki Datasource Plugin Path Traversal Vulnerability
A path traversal vulnerability in the Grafana Loki datasource plugin allows an authenticated Viewer-role user to access administrative Loki endpoints and extract sensitive backend configuration and internal service information. This vulnerability has a CVSS score of 7.7 and is considered HIGH severity. Affected users should update Grafana OSS to a patched version.
Critical Remote Code Execution Vulnerability in Prefect: CVE-2026-5366
A critical vulnerability (CVE-2026-5366, CVSS 9.9) in Prefect version 3.6.23 allows remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. Any user with deployment creation permissions can exploit this flaw to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments. Immediate action is required to mitigate this vulnerability.
Cross-Site Scripting Vulnerability in Flowise Before 3.0.8
A cross-site scripting (XSS) vulnerability exists in Flowise before version 3.0.8, caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript, enabling theft of cookies and session data. Users of Flowise should update to version 3.0.8 or later.
Uni-CLI Vulnerability: Legacy HTTP MCP Transport Accepts Browser-Originated Localhost Requests
A vulnerability in Uni-CLI versions before 0.225.2 allows a malicious web page to send CORS simple POST requests to the local /mcp endpoint, potentially driving tools/call requests against the user's local Uni-CLI server. The issue has a CVSS score of 8.6 and is classified as high severity. To mitigate, upgrade to version 0.225.2 or later.
Lokka Azure Resource Manager URL Path Validation Issue: Critical SSRF Vulnerability
A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in Lokka versions prior to 2.1.2. The issue allows attackers to craft malicious URLs that can alter Azure Resource Manager bearer token transmission, potentially leading to unauthorized access. The vulnerability has a CVSS score of 8.7 and is categorized under CWE-918. Immediate patching to version 2.1.2 or later is strongly recommended.
Critical Vulnerability in Apple Beats Studio Buds: CVE-2025-20701
A security vulnerability, CVE-2025-20701, has been discovered in Apple Beats Studio Buds by researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH. This vulnerability has been patched by Apple, but details about its nature and impact are still emerging. Organizations using Beats Studio Buds should apply the security update immediately to mitigate potential risks. The vulnerability's severity and exploitability are currently being assessed.
Understanding and Mitigating Stored XSS in n8n's Chat Trigger Node
A stored XSS vulnerability was discovered in n8n's Chat Trigger Node, allowing authenticated users with workflow edit access to inject arbitrary JavaScript. This could lead to code execution with the privileges of a logged-in user. The vulnerability has been patched in several n8n versions.
n8n Microsoft SQL Node Vulnerability Allows Prototype Pollution
A vulnerability in the Microsoft SQL node of n8n allows authenticated users to achieve global prototype pollution, rendering the n8n instance non-functional. The issue has been fixed in n8n version 2.24.0.
Understanding the Radius Controller Vulnerability: Preventing Cross-Tenant Resource Deletion
A configuration-validation issue in the Radius Kubernetes controller can cause it to delete a container resource via an injected Deployment annotation. This vulnerability, known as the 'Confused Deputy' pattern, can have significant impacts in multi-tenant installations.
PDM Vulnerability Allows Arbitrary Code Execution
A vulnerability in PDM (Python package manager) allows arbitrary code execution with the privileges of the user running `pdm` from an untrusted repository checkout.
Siemens KACO Blueplanet Inverters Contain Multiple Vulnerabilities
Multiple vulnerabilities in Siemens KACO Blueplanet Inverters could allow an attacker to derive credentials from the device's serial number and gain unauthorized access.
Understanding the Netty QUIC Token Handler Vulnerability
A vulnerability in Netty's default QUIC token handler allows an attacker to bypass anti-amplification limits, potentially leading to denial-of-service attacks. The issue arises from the token handler's improper validation of client-supplied tokens.
Netty SNI Handler Vulnerability Allows for Large Memory Allocation
A vulnerability in Netty's SNI handler allows for large memory allocation from a small amount of attacker-controlled data, potentially leading to a denial-of-service attack.