Common Vulnerabilities and Exposures (CVE)

CVE-2026-7533

May 28, 2026 05:30:41 UTC

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth_redirect()` function, which is registere...

CVE-2026-9644

May 28, 2026 05:30:40 UTC

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and ou...

CVE-2026-9009

May 28, 2026 05:30:40 UTC

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback...

CVE-2026-3173

May 28, 2026 05:30:39 UTC

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block att...

CVE-2026-9673

May 28, 2026 05:00:02 UTC

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are open...

CVE-2026-4802

May 28, 2026 04:48:09 UTC

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An...

CVE-2026-9802

May 28, 2026 04:47:10 UTC

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refre...

CVE-2026-9803

May 28, 2026 04:47:10 UTC

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client regi...

CVE-2026-9801

May 28, 2026 04:42:10 UTC

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could explo...

CVE-2026-42790

May 28, 2026 04:39:17 UTC

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subo...

CVE-2026-9798

May 28, 2026 04:37:09 UTC

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiate...

CVE-2026-9796

May 28, 2026 04:27:08 UTC

A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their pr...

CVE-2026-32999

May 28, 2026 04:01:38 UTC

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

CVE-2026-32998

May 28, 2026 04:01:38 UTC

This vulnerability in Veeam Service Provider Console allows for remote code execution.

CVE-2026-32997

May 28, 2026 04:01:37 UTC

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.