| CVE-2024-23564 |
|
17.07.2026 |
9.1 |
| CVE-2026-15982 |
Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function' |
17.07.2026 |
9.8 |
| CVE-2026-14956 |
Bricksforge <= 3.1.8.6 - Unauthenticated Privilege Escalation via Pro Forms fieldIds Parameter |
17.07.2026 |
9.8 |
| CVE-2026-62232 |
Grav < 2.0.4 2FA Bypass via Secret Regeneration |
17.07.2026 |
9.1 |
| CVE-2026-62241 |
clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery |
17.07.2026 |
9.3 |
| CVE-2026-44181 |
Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection results in Remote Code Execution |
17.07.2026 |
10 |
| CVE-2026-44182 |
Jupyter Enterprise Gateway Has Kubernetes Manifest Injection via Jinja2 Template Rendering |
17.07.2026 |
10 |
| CVE-2026-44180 |
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids can be Bypassed |
17.07.2026 |
9.8 |
| CVE-2026-53412 |
Zoom Workplace VDI Plugin for Windows - Improper Input Validation |
17.07.2026 |
9.8 |
| CVE-2026-15422 |
SCTP needs to better-check INIT ACK chunk parameters |
17.07.2026 |
9.1 |
| CVE-2026-63089 |
WireGuard Easy Weak Token Generation Information Disclosure via OTL Route |
16.07.2026 |
9 |
| CVE-2026-46512 |
Frogman: Dialplan template parameters interpolated into extensions_custom.conf without escaping |
16.07.2026 |
9.9 |
| CVE-2026-46515 |
Frogman: Multiple read-tier tools expose admin-grade data and arbitrary GraphQL execution |
16.07.2026 |
9.3 |
| CVE-2026-45336 |
HireFlow: Use of Hard-coded Credentials |
16.07.2026 |
10 |
| CVE-2026-45568 |
zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths |
17.07.2026 |
9.9 |
| CVE-2026-44632 |
Yamcs: Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` |
16.07.2026 |
9.1 |
| CVE-2026-46562 |
Yamcs: Remote Code Execution via Mission Database algorithm override |
16.07.2026 |
9.8 |
| CVE-2026-46621 |
Yamcs: Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection |
16.07.2026 |
9.1 |
| CVE-2026-63087 |
Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint |
17.07.2026 |
9.3 |
| CVE-2026-45695 |
Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used |
16.07.2026 |
9.8 |
| CVE-2026-54733 |
moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint |
16.07.2026 |
9.3 |
| CVE-2026-59864 |
Kiota: Path/URL injection into generated Copilot plugin manifest via x-ai-* extensions |
17.07.2026 |
9.3 |
| CVE-2026-59865 |
Kiota: Command injection via x-ms-kiota-info dependencyInstallCommand surfaced by `kiota info` |
17.07.2026 |
9.3 |
| CVE-2026-59866 |
Kiota: Arbitrary file write + code-injection via x-ms-kiota-info clientClassName and clientNamespaceName |
17.07.2026 |
9.3 |
| CVE-2026-11386 |
ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution |
16.07.2026 |
9 |
| CVE-2026-63304 |
AVideo through 29.0 OS Command Injection via listFFmpegProcesses |
16.07.2026 |
9.2 |
| CVE-2026-63305 |
AVideo through 29.0 OS Command Injection via ffmpeg.json.php |
17.07.2026 |
9.2 |
| CVE-2026-63306 |
stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints |
16.07.2026 |
9.2 |
| CVE-2023-49899 |
Origin Validation Error in X-Rite MA-T6 |
16.07.2026 |
9.8 |
| CVE-2023-49900 |
Origin Validation Error in X-Rite MA-T6 |
16.07.2026 |
9.8 |
| CVE-2026-22752 |
Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata |
16.07.2026 |
9.6 |
| CVE-2026-15925 |
Improper TLS Hostname Verification in Snowflake Connector for Python |
16.07.2026 |
9.2 |
| CVE-2026-15013 |
SAML Single Sign On <= 5.4.3 - Unauthenticated Authentication Bypass via 'SAMLResponse' Parameter Signature Algorithm Confusion |
16.07.2026 |
9.8 |
| CVE-2026-54458 |
AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin |
16.07.2026 |
9.6 |
| CVE-2026-55445 |
Qinglong: Incomplete fix for CVE-2026-3965: Improper Authentication |
15.07.2026 |
9.3 |
| CVE-2026-52891 |
Wekan: Shell Injection via Avatar Upload |
15.07.2026 |
9.9 |
| CVE-2026-52893 |
Wekan: OIDC Account Takeover via Unconditional Email-Based Account Merge in onCreateUser hook |
15.07.2026 |
9.2 |
| CVE-2026-55652 |
Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin) |
17.07.2026 |
9.8 |
| CVE-2026-46339 |
9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes |
16.07.2026 |
10 |
| CVE-2026-49352 |
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass |
16.07.2026 |
9.8 |
| CVE-2026-54052 |
n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments |
15.07.2026 |
9.9 |
| CVE-2026-52887 |
NocoBase: SQL injection in /api/myInAppChannels:list filter to PG-superuser RCE |
15.07.2026 |
10 |
| CVE-2026-45534 |
DataEase: RCE Vulnerability |
16.07.2026 |
9 |
| CVE-2026-46684 |
DataEase: Unauthorized Command Execution Vulnerability |
15.07.2026 |
9.5 |
| CVE-2026-49445 |
Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access |
16.07.2026 |
9.2 |
| CVE-2026-46421 |
Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service) |
15.07.2026 |
9.3 |
| CVE-2026-62948 |
OpenWrt odhcpd/LuCI: unauthenticated DHCPv6 client can inject lease-file lines via FQDN hostname → stored XSS in the LuCI admin UI |
15.07.2026 |
9.6 |
| CVE-2026-50562 |
FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows |
15.07.2026 |
9.3 |
| CVE-2026-53512 |
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins |
15.07.2026 |
9.1 |
| CVE-2026-53513 |
Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration |
15.07.2026 |
9.6 |
| CVE-2026-62378 |
RustFS Console: Critical Stored XSS in Preview Modal leading to Administrative Account Takeover |
16.07.2026 |
9 |
| CVE-2026-52842 |
Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass |
15.07.2026 |
9.3 |
| CVE-2026-52843 |
Lightpanda: fetch() and XMLHttpRequest attach session cookies to cross-origin requests regardless of credentials mode |
15.07.2026 |
9.3 |
| CVE-2026-44986 |
Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile |
15.07.2026 |
9.9 |
| CVE-2026-50148 |
Metabase: Remote Code Execution via Snowflake JDBC Driver Arbitrary File Write |
15.07.2026 |
10 |
| CVE-2026-42533 |
NGINX Map directive and Regex matching vulnerability |
16.07.2026 |
9.2 |
| CVE-2026-61736 |
LightRAG: CORS Wildcard + Credentials Enables Any-Origin Credentialed Requests |
15.07.2026 |
9.3 |
| CVE-2026-61740 |
LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status defeat LIGHTRAG_API_KEY protection |
15.07.2026 |
9.3 |
| CVE-2026-56400 |
open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation |
15.07.2026 |
9 |
| CVE-2026-56699 |
Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index |
15.07.2026 |
10 |
| CVE-2026-61451 |
Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url |
15.07.2026 |
9.4 |
| CVE-2026-13385 |
|
16.07.2026 |
9.5 |
| CVE-2026-45363 |
`jwt` (Ruby gem) - empty-key HMAC bypass |
15.07.2026 |
9.1 |
| CVE-2026-48334 |
Illustrator | Improper Input Validation (CWE-20) |
15.07.2026 |
9.3 |
| CVE-2026-48284 |
ColdFusion | Improper Input Validation (CWE-20) |
15.07.2026 |
9.6 |
| CVE-2026-48318 |
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
15.07.2026 |
9.9 |
| CVE-2026-48319 |
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
15.07.2026 |
9.1 |
| CVE-2026-48321 |
ColdFusion | Incorrect Authorization (CWE-863) |
16.07.2026 |
9.3 |
| CVE-2026-48322 |
ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94) |
15.07.2026 |
9.6 |
| CVE-2026-48324 |
ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
15.07.2026 |
9.1 |
| CVE-2026-48325 |
ColdFusion | Missing Authentication for Critical Function (CWE-306) |
15.07.2026 |
9.3 |
| CVE-2026-48327 |
ColdFusion | Incorrect Authorization (CWE-863) |
15.07.2026 |
9 |
| CVE-2026-15643 |
AWS HealthLake MCP Server SSRF via Pagination URL |
15.07.2026 |
9.2 |
| CVE-2026-53486 |
decompress: Archive extraction can create files and links outside the target directory |
15.07.2026 |
9.1 |
| CVE-2026-13001 |
Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_image_cache_url Parameter |
14.07.2026 |
9.8 |
| CVE-2026-47428 |
Vitest browser mode serves unsanitized otelCarrier query parameter as inline script |
15.07.2026 |
9.6 |
| CVE-2026-48356 |
Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434) |
15.07.2026 |
9.6 |
| CVE-2026-48358 |
Adobe Commerce | Improper Encoding or Escaping of Output (CWE-116) |
15.07.2026 |
9.1 |
| CVE-2026-53633 |
Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE |
16.07.2026 |
9.8 |
| CVE-2026-47429 |
Vitest: Arbitrary file can be read and executed when Vitest UI server is listening |
14.07.2026 |
9.8 |
| CVE-2026-48259 |
Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918) |
15.07.2026 |
9.6 |
| CVE-2026-48359 |
Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) |
15.07.2026 |
9.6 |
| CVE-2026-45063 |
Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator |
14.07.2026 |
9.1 |
| CVE-2026-50380 |
Windows GDI+ Remote Code Execution Vulnerability |
16.07.2026 |
9.6 |
| CVE-2026-50447 |
Windows Message Queuing Service (MSMQ) Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-50518 |
Windows DHCP Server Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-55010 |
Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-55040 |
Microsoft SharePoint Server Security Feature Bypass Vulnerability |
16.07.2026 |
9.1 |
| CVE-2026-55944 |
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-56159 |
DHCP Server Service Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-56188 |
Windows Server Network driver Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-56190 |
Remote Desktop Protocol Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-57092 |
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
16.07.2026 |
9.9 |
| CVE-2026-42990 |
SQL Server ODBC driver Elevation of Privilege Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-48561 |
Microsoft Copilot Remote Code Execution Vulnerability |
16.07.2026 |
9.6 |
| CVE-2026-49172 |
Windows FTP Service Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-49798 |
Windows Kernel Elevation of Privilege Vulnerability |
16.07.2026 |
9.3 |
| CVE-2026-50522 |
Microsoft SharePoint Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-54990 |
Remote Desktop Client Remote Code Execution Vulnerability |
16.07.2026 |
9.8 |
| CVE-2026-55008 |
Microsoft Exchange Server Spoofing Vulnerability |
16.07.2026 |
9.6 |
| CVE-2026-58644 |
Microsoft SharePoint Remote Code Execution Vulnerability |
17.07.2026 |
9.8 |
| CVE-2026-59891 |
Credential confusion in @sigstore/oci can leak registry credentials to an attacker-controlled registry |
14.07.2026 |
9.6 |
| CVE-2026-15701 |
Totolink NR1800X lighttpd formLogout.htm Form_Logout stack-based overflow |
15.07.2026 |
9.3 |
| CVE-2025-11698 |
CompactLogix ®, ControlLogix ®, Compact GuardLogix ® and GuardLogix ® Buffer Overflow |
14.07.2026 |
9.2 |
| CVE-2026-55954 |
Missing ID token claim validation in ueberauth_apple allows account takeover |
15.07.2026 |
9.1 |
| CVE-2025-12011 |
CompactLogix ®, ControlLogix ®, Compact GuardLogix ® and GuardLogix ® Buffer Overflow |
14.07.2026 |
9.2 |
| CVE-2025-12012 |
CompactLogix ®, ControlLogix ®, Compact GuardLogix ® and GuardLogix ® Buffer Overflow |
14.07.2026 |
9.2 |
| CVE-2026-15265 |
Tenable Agent Path Traversal Leading to Remote Code Execution |
14.07.2026 |
9.3 |
| CVE-2026-58479 |
Sustainable Irrigation Platform 5.2.16 RCE via cli_control Plugin Command Injection |
14.07.2026 |
9.2 |
| CVE-2026-10577 |
Rockwell Automation 1715 Redundant IO – Access Control Vulnerability |
14.07.2026 |
10 |
| CVE-2026-62422 |
|
15.07.2026 |
10 |
| CVE-2026-56451 |
|
14.07.2026 |
10 |
| CVE-2026-15183 |
Input Validation Vulnerabilities in Snowflake Spark Connector |
14.07.2026 |
9.2 |
| CVE-2026-57898 |
|
14.07.2026 |
9 |
| CVE-2026-27690 |
HTTP Request Smuggling in SAP Approuter |
14.07.2026 |
9.1 |
| CVE-2026-44747 |
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP |
15.07.2026 |
9.9 |
| CVE-2026-44761 |
Insecure Sample Credentials in SAP Commerce Cloud |
15.07.2026 |
9.1 |
| CVE-2026-59801 |
9Router 0.4.41 - Unauthenticated API Exposure via /api/providers |
14.07.2026 |
9.3 |
| CVE-2026-62327 |
9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats |
14.07.2026 |
9.3 |
| CVE-2026-58409 |
ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload |
14.07.2026 |
9.1 |
| CVE-2026-6875 |
Sandbox Escape in ServiceNow AI Platform |
14.07.2026 |
9.5 |
| CVE-2026-61462 |
mcp-gitlab Path Traversal via job_id Parameter |
13.07.2026 |
9.2 |
| CVE-2026-61500 |
Rejetto HFS < 3.2.1 Session Forgery via Predictable Signing Key |
15.07.2026 |
9.3 |
| CVE-2026-60121 |
Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via ping.php |
13.07.2026 |
9.3 |
| CVE-2026-61498 |
Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php |
14.07.2026 |
9.3 |
| CVE-2026-6847 |
Unauthenticated Remote Code Execution in ThemisNETPanel |
14.07.2026 |
9.3 |
| CVE-2026-12257 |
Remote code execution in Mura Software’s CMS |
13.07.2026 |
9.3 |
| CVE-2026-14934 |
Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise |
13.07.2026 |
9.4 |
| CVE-2026-13014 |
Remote Code Execution vulnerability in "Suspicious" application |
13.07.2026 |
9.2 |
| CVE-2026-22093 |
Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app |
16.07.2026 |
9.5 |
| CVE-2026-22095 |
Command injection in diagnosis web endpoint |
16.07.2026 |
9.3 |
| CVE-2026-22096 |
Missing authentication for webserver endpoints |
16.07.2026 |
9.3 |
| CVE-2026-22097 |
Missing firmware validation allows remote code execution |
16.07.2026 |
9.3 |
| CVE-2026-22098 |
Sensitive information is written to logs |
16.07.2026 |
9.2 |
| CVE-2026-22102 |
Arbitrary file overwrite through certificate update functionality |
16.07.2026 |
9.3 |
| CVE-2026-22103 |
Command injection in NPC start web endpoint |
16.07.2026 |
9.3 |
| CVE-2026-57401 |
WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability |
13.07.2026 |
9.9 |
| CVE-2026-57702 |
WordPress Amelia plugin <= 2.4.2 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-57707 |
WordPress Simple Business Directory Pro plugin <= 15.9.4 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-57710 |
WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability |
13.07.2026 |
9.9 |
| CVE-2026-57714 |
WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-57719 |
WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability |
13.07.2026 |
10 |
| CVE-2026-57724 |
WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-57726 |
WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-57738 |
WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-57739 |
WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-57744 |
WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-57770 |
WordPress Grand Photography theme <= 5.7.8 - PHP Object Injection vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-57811 |
WordPress Realtyna Organic IDX plugin plugin <= 5.2.0 - Remote Code Execution (RCE) vulnerability |
13.07.2026 |
10 |
| CVE-2026-57813 |
WordPress MailOptin plugin <= 1.2.77.3 - Privilege Escalation vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-59515 |
WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability |
13.07.2026 |
9.3 |
| CVE-2026-59518 |
WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability |
13.07.2026 |
9.8 |
| CVE-2026-14453 |
A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets |
13.07.2026 |
9.6 |
| CVE-2026-4769 |
Unauthenticated Access to Internal Diagnostic Interface |
13.07.2026 |
9.3 |
| CVE-2026-15511 |
Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection |
14.07.2026 |
9.3 |
| CVE-2026-56271 |
Flowise - Weak Default JWT Secrets in Authentication Middleware |
13.07.2026 |
9.3 |
| CVE-2026-61876 |
LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting |
14.07.2026 |
9.4 |
| CVE-2026-60090 |
PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension |
14.07.2026 |
9.3 |
| CVE-2026-61445 |
PraisonAI before 4.6.78 Arbitrary File Write and Command Execution |
14.07.2026 |
9.4 |
| CVE-2026-61447 |
PraisonAI before 1.6.78 Remote Code Execution via CodeAgent |
13.07.2026 |
10 |
| CVE-2026-57827 |
Joomla Extension - rsjoomla.com - Unauthenticated file upload in RSFiles component < 1.17.12 |
15.07.2026 |
10 |
| CVE-2026-57828 |
Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3 |
15.07.2026 |
9 |
| CVE-2026-20744 |
Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control |
14.07.2026 |
9.3 |
| CVE-2026-55884 |
Tilt: Missing authentication on the network-exposed Tilt HUD server |
15.07.2026 |
9.2 |
| CVE-2026-55879 |
OpenReplay: Unauthenticated stored XSS leads to dashboard account takeover |
13.07.2026 |
9.3 |
| CVE-2026-12761 |
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.7.0 - Unauthenticated Authentication Bypass to Administrator Account Takeover via Profile Completion OTP Flow |
13.07.2026 |
9.8 |
| CVE-2026-57807 |
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability |
13.07.2026 |
9.8 |