5.3
CVE-2026-1371 - Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutoโฆ
The Tutor LMS โ eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verifyโฆ
8.1
CVE-2026-1375 - Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Courโฆ
The Tutor LMS โ eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_bulk_action()`, `bulk_delete_course()`, and `โฆ
7.5
CVE-2025-8590 - Information Disclosure in AKCE Software's SKSPro
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026.
7.6
CVE-2025-8589 - Reflected XSS in AKCE Software's SKSPro
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026.
9.3
CVE-2026-24465 - StackโBased Buffer Overflow in Elecom Wireless LAN Access Points Enables Arbitrary Code Execution
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
5.1
CVE-2026-24449 - Derivable Default Passwords in ELECOM WRC Routers
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
8.6
CVE-2026-22550 - OS Command Injection in Elecom WRC Router Models
OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
5.1
CVE-2026-20704 - CrossโSite Request Forgery Enabling Unintended Operations on WRCโX1500GSโB and WRCโX1500GSAโB
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
5.4
CVE-2026-1447 - Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a foโฆ
7.1
CVE-2026-1058 - Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode()โฆ