Threat Intelligence Feed

CVE-2026-25608 STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middl CVE-2026-25607 Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzin CVE-2026-25606 A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multip HIGH · CVE-2026-9011 The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in al MED · CVE-2026-8692 The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to MED · CVE-2026-8684 The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includ HIGH · CVE-2026-8679 The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including MED · CVE-2026-8381 A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain bac MED · CVE-2026-7798 The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin f MED · CVE-2026-7636 The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Informat MED · CVE-2026-7615 The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including CVE-2026-5072 A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potenti MED · CVE-2026-9104 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up HIGH · CVE-2026-9018 The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation MED · CVE-2026-7509 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` short MED · CVE-2026-7249 The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability c MED · CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' param MED · CVE-2026-4070 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl MED · CVE-2026-44409 There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control m MED · CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in al MED · CVE-2026-2518 The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing ca CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel p CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website wi HIGH · CVE-2026-4834 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, CVE-2026-46598 For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafte CVE-2026-46595 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of cal CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and CVE-2026-39835 SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be c CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ CVE-2026-39831 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did CVE-2026-39830 A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection CVE-2026-39829 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive CVE-2026-39828 When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were CVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr CVE-2026-9264 A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution an HIGH · CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un CRIT · CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS CVE-2026-25608 STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middl CVE-2026-25607 Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzin CVE-2026-25606 A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multip HIGH · CVE-2026-9011 The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in al MED · CVE-2026-8692 The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to MED · CVE-2026-8684 The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includ HIGH · CVE-2026-8679 The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including MED · CVE-2026-8381 A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain bac MED · CVE-2026-7798 The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin f MED · CVE-2026-7636 The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Informat MED · CVE-2026-7615 The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including CVE-2026-5072 A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potenti MED · CVE-2026-9104 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up HIGH · CVE-2026-9018 The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation MED · CVE-2026-7509 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` short MED · CVE-2026-7249 The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability c MED · CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' param MED · CVE-2026-4070 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl MED · CVE-2026-44409 There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control m MED · CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in al MED · CVE-2026-2518 The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing ca CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel p CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website wi HIGH · CVE-2026-4834 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, CVE-2026-46598 For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafte CVE-2026-46595 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of cal CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and CVE-2026-39835 SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be c CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ CVE-2026-39831 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did CVE-2026-39830 A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection CVE-2026-39829 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive CVE-2026-39828 When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were CVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr CVE-2026-9264 A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution an HIGH · CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un CRIT · CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS