CVE ID :CVE-2026-9312 Published : May 27, 2026, 12:16 a.m. | 50 minutes ago Description :A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to…
CVE-2026-5260 – Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
CVE ID :CVE-2026-5260 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during…
CVE-2026-45574 – epa4all-client: TLS Certificate Validation Disabled in Production
CVE ID :CVE-2026-45574 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2,…
CVE-2026-45298 – Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
CVE ID :CVE-2026-45298 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy…
CVE-2026-44985 – Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication
CVE ID :CVE-2026-44985 Published : May 26, 2026, 10:16 p.m. | 2 hours, 50 minutes ago Description :Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the…
CVE-2026-42773 – WordPress eMagicOne Store Manager plugin <= 1.3.2 – SQL Injection vulnerability
CVE ID :CVE-2026-42773 Published : May 25, 2026, 10:35 p.m. | 2 hours, 31 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in eMagicOne eMagicOne Store…
CVE-2026-42774 – WordPress JetEngine plugin <= 3.8.8.1 – SQL Injection vulnerability
CVE ID :CVE-2026-42774 Published : May 25, 2026, 10:34 p.m. | 2 hours, 32 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Crocoblock JetEngine allows…
CVE-2026-45216 – WordPress Smart Manager plugin <= 8.85.0 – Privilege Escalation vulnerability
CVE ID :CVE-2026-45216 Published : May 25, 2026, 10:30 p.m. | 2 hours, 36 minutes ago Description :Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from…
CVE-2026-48837 – WordPress Unlimited Elements For Elementor plugin <= 2.0.8 – SQL Injection vulnerability
CVE ID :CVE-2026-48837 Published : May 25, 2026, 10:05 p.m. | 3 hours, 1 minute ago Description :Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Unlimited Elements For…
CVE-2026-48842 – Roundcube Webmail SQL Injection
CVE ID :CVE-2026-48842 Published : May 25, 2026, 7:06 p.m. | 5 hours, 59 minutes ago Description :Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin…