9.8

CVSS3.1

CVE-2026-7567 - Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before pro…

📅 Published: May 1, 2026, 9:26 a.m. 🔄 Last Modified: May 1, 2026, 9:26 a.m.

7.5

CVSS3.1

CVE-2026-42402 - Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts th…

📅 Published: May 1, 2026, 8:54 a.m. 🔄 Last Modified: May 1, 2026, 8:54 a.m.

7.5

CVSS3.1

CVE-2026-42403 - Apache Neethi: Circular Policy Reference Infinite Loop

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, l…

📅 Published: May 1, 2026, 8:38 a.m. 🔄 Last Modified: May 1, 2026, 8:38 a.m.

5.4

CVSS3.1

CVE-2026-40201 -

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file.

📅 Published: May 1, 2026, 8:36 a.m. 🔄 Last Modified: May 1, 2026, 8:40 a.m.

8.4

CVSS4.0

CVE-2026-7584 - Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target…

📅 Published: May 1, 2026, 7:21 a.m. 🔄 Last Modified: May 1, 2026, 7:21 a.m.