7.3
CVE-2026-2364 - CODESYS Installer TOCTOU Privilege Escalation
If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
4.3
CVE-2026-1508 - Court Reservation < 1.10.9 - Event Deletion via CSRF
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack
9.8
CVE-2026-0953 - Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. Tβ¦
5.9
CVE-2025-2399 - Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS,β¦
7.5
CVE-2026-3585 - The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the seβ¦
5.3
CVE-2026-1919 - Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints
The Booking Calendar for Appointments and Service Businesses β Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackeβ¦
5.3
CVE-2026-1920 - Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation
The Booking Calendar for Appointments and Service Businesses β Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This β¦
6.1
CVE-2025-36173 - InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.
Affected Product(s)Version(s)InfoSphere Data Architect9.2.1
4.4
CVE-2025-36105 - IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclβ¦
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.
7.7
CVE-2026-27689 - Denial of service (DOS) in SAP Supply Chain Management
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution thβ¦