6.5
CVE-2026-42412 - WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.
7.3
CVE-2026-42377 - WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.
6.9
CVE-2026-21023
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of a specific application.
7.1
CVE-2026-35155 - Authenticated Low‑Privileged Attacker Can Gain Elevated Access in Dell iDRAC10 via Race Condition
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
4.3
CVE-2026-23773 - SSRF Vulnerability in Dell Disk Library for Mainframe
Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
7.2
CVE-2026-42615 - Cross‑Site Scripting in CyberChef’s Base64 Offset Feature
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
7.5
CVE-2026-36837
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
7.4
CVE-2026-42011 - Gnutls: gnutls: security bypass due to incorrect name constraint handling
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validat…
3.7
CVE-2026-6276 - curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host …
A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intend…
8.8
CVE-2026-38991 - Authenticated File Rename Allows PHP Execution in Cockpit CMS
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code …