6.5
CVE-2026-27440 - WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
5.4
CVE-2026-27387 - WordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerability
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
5.3
CVE-2026-27368 - WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Brβ¦
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a thβ¦
5.9
CVE-2026-27360 - WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.38.
7.5
CVE-2026-27343 - WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
5.3
CVE-2026-27328 - WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.
4.3
CVE-2026-27327 - WordPress YayMail β WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerabilβ¦
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through <= 4.3.2.
5.6
CVE-2026-2738 - Buffer Overflow Causing Crash in OpenVPN DCO Windows Client via Oversized AEAD Packets
Buffer overflow in ovpnβdcoβwinβ―version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet
8.8
CVE-2026-26318 - systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
0.0
CVE-2026-27500 -
Further research determined the situation described is not a vulnerability.