5.3

CVSS4.0

CVE-2026-39851 - Saleor has a user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange() mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.

📅 Published: April 8, 2026, 5:33 p.m. 🔄 Last Modified: April 8, 2026, 7:25 p.m.

8.4

CVSS4.0

CVE-2025-30650 - Junos OS: Privileged local user can gain access to a Linux-based FPC as root

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards. Affected lin…

📅 Published: April 8, 2026, 5:26 p.m. 🔄 Last Modified: April 9, 2026, 9:32 p.m.

5.4

CVSS3.1

CVE-2026-0811 - Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to …

📅 Published: April 8, 2026, 5:25 p.m. 🔄 Last Modified: April 8, 2026, 7:24 p.m.

4.3

CVSS3.1

CVE-2026-0814 - Advanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Ex…

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access …

📅 Published: April 8, 2026, 5:25 p.m. 🔄 Last Modified: April 9, 2026, 8:18 a.m.

9.8

CVSS3.1

CVE-2026-2942 - ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the af…

📅 Published: April 8, 2026, 5:25 p.m. 🔄 Last Modified: April 8, 2026, 7:25 p.m.

5.9

CVSS4.0

CVE-2026-35407 - Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given authentica…

📅 Published: April 8, 2026, 5:24 p.m. 🔄 Last Modified: April 10, 2026, 9:16 p.m.

7.5

CVSS3.1

CVE-2026-35401 - Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in 3.23.0…

📅 Published: April 8, 2026, 5:22 p.m. 🔄 Last Modified: April 8, 2026, 7:25 p.m.

7.5

CVSS3.1

CVE-2026-33756 - Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an unauth…

📅 Published: April 8, 2026, 5:07 p.m. 🔄 Last Modified: April 8, 2026, 9:26 p.m.

8.1

CVSS3.1

CVE-2026-33466 - Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File W…

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed ar…

📅 Published: April 8, 2026, 4:50 p.m. 🔄 Last Modified: April 10, 2026, 3:56 a.m.

6.8

CVSS3.1

CVE-2026-33458 - Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.

📅 Published: April 8, 2026, 4:47 p.m. 🔄 Last Modified: April 8, 2026, 7:26 p.m.