Threat Intelligence Feed

Aggregating 5054 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-53430 Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip
CVE-2026-48854 Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers
CVE-2026-48853 Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grp
HIGH · CVE-2026-48723 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions pri
CVE-2026-48599 Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to acc
CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DS
CVE-2026-5064 Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might all
CRIT · CVE-2026-48714 i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno
CRIT · CVE-2026-48713 Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missi
MED · CVE-2026-48157 Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.
HIGH · CVE-2026-48017 DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the l
CVE-2026-11832 Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was genera
CRIT · CVE-2026-9691 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja For
CRIT · CVE-2026-52703 Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
HIGH · CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
HIGH · CVE-2026-52700 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
HIGH · CVE-2026-52699 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
HIGH · CVE-2026-52697 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
HIGH · CVE-2026-52695 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
HIGH · CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
CRIT · CVE-2026-52693 Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
HIGH · CVE-2026-52692 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
CRIT · CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
HIGH · CVE-2026-49780 Customer Privilege Escalation in Dokan <= 5.0.2 versions.
CRIT · CVE-2026-49776 Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websit
MED · CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
MED · CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CRIT · CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
CRIT · CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
CRIT · CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CRIT · CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
CRIT · CVE-2026-49765 Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <=
CRIT · CVE-2026-49764 Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
CRIT · CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
HIGH · CVE-2026-49112 Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
HIGH · CVE-2026-49110 Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
CRIT · CVE-2026-49109 Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, N
CRIT · CVE-2026-49106 Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
CRIT · CVE-2026-49105 Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <=

2130 General
628 Vulnerability Disclosure
600 CVE
391 Campaigns
280 Data Breach
259 Malware

Trending Vendors

Latest News

Milesight Cameras

Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. The following versio...

T1190 6 IOCs

CISA Advisories →

FIRESTARTER Backdoor

Malware Analysis Report at a Glance
Malware Name: FIRESTARTER
Original Publication: April 23, 2026
Executive Summary: The Cybersecurity and Infrastructure Secur...

CISA Advisories →

Data Breaches