8.8
CVE-2026-23544 - WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
5.3
CVE-2026-23543 - WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5.
9.8
CVE-2026-23542 - WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
7.5
CVE-2026-23541 - WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.
5.3
CVE-2026-22422 - WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
7.2
CVE-2026-22333 - WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.
8.1
CVE-2026-26362 - Relative Path Traversal in Dell Unisphere for PowerMax Enabling Unauthorized Modification of Systemβ¦
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.
4.3
CVE-2026-27056 - WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
6.5
CVE-2026-26361 -
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
6.3
CVE-2026-2711 - zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py of the component URL Handler. The manipulation of the argument make_request leads to server-side rβ¦