Overview

  • wpeverest
  • User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

03 Mar 2026
Published
03 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%

KEV

Description

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.

Statistics

  • 4 Posts

Last activity: 15 hours ago

Fediverse

Hackers are exploiting a WordPress plugin flaw (CVE-2026-1492) that lets attackers create admin accounts without authentication on

If you run WordPress, update or disable the plugin immediately.

bleepingcomputer.com/news/secu

Bluesky

🛑 WordPress – CVE-2026-1492: a flaw in a plugin makes it very easy to become admin 👇 All the details - www.it-connect.fr/wordpress-cv... #WordPress #Web #infosec #cybersecurity

Overview

  • VMware
  • Aria Operations
  • vmware-aria-operations

25 Feb 2026
Published
04 Mar 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
7.35%

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the Response Matrix (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001. Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the Response Matrix (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

CISA added CVE-2026-22719 to KEV after active exploitation of VMware Aria Operations (incl. Cloud Foundation & vSphere Foundation). Patch immediately. Query: web.html~"com.vmware.vsphere.client" OR web.title~"VMware Cloud Director Availability" OR web.title~"VMware Aria Operations"
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

Overview

  • pac4j
  • pac4j-jwt

04 Mar 2026
Published
07 Mar 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.24%

KEV

Description

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 12 hours ago

Bluesky

CVE-2026-29000: Critical Auth Bypass in pac4j-jwt: Full PoC Using Only a Public Key
The latest update for #ArcticWolf includes "CVE-2026-29000: Authentication Bypass in pac4j-jwt #Java Library" and "CVE-2026-20079 & CVE-2026-20131: Maximum-severity Vulnerabilities in Cisco FMC". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl

Overview

  • RocketChat
  • Rocket.Chat

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows an attacker to log in to the service as any user with a password set, using any arbitrary password. The vulnerability stems from a missing await keyword when calling an asynchronous password validation function, causing a Promise object (which is always truthy) to be evaluated instead of the actual boolean validation result. This may lead to account takeover of any user whose username is known or guessable. This issue has been patched in versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Fediverse

🚩 CRITICAL: CVE-2026-28514 in Rocket.Chat (<8.0.0) allows auth bypass via username-only login. Full account takeover possible! Patch now or restrict access + enable MFA. Details: radar.offseq.com/threat/cve-20


Overview

  • zed-industries
  • zed

25 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

KEV

Description

Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary host paths. This escapes the extension sandbox and enables code execution. Version 0.224.4 patches the issue.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 20 hours ago

Bluesky

📌 CVE-2026-27976 - Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) c... https://www.cyberhub.blog/cves/CVE-2026-27976

Overview

  • n8n-io
  • n8n

04 Feb 2026
Published
05 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.02%

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 17 hours ago

Bluesky

Critical 0-Day in n8n (CVE-2026-25053): How a Simple Bypass Led to Full RCE – Full Technical Breakdown + Video Introduction n8n is a popular open‑source workflow automation tool that allows users to connect apps and services using a visual interface. Its flexibility, however, comes with a…

Overview

  • Red Hat
  • Red Hat build of Keycloak 26.2
  • rhbk/keycloak-operator-bundle

05 Mar 2026
Published
06 Mar 2026
Updated

CVSS
Pending
EPSS
0.42%

KEV

Description

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

CVE-2026-3047 - Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login scq.ms/4s2G6Fp

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
06 Mar 2026
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
0.04%

KEV

Description

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

Cisco has confirmed active exploitation targeting two vulnerabilities in Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20122 and CVE-2026-20128. socradar.io/blog/cisco-c...
Cisco warns of SD-WAN Manager exploitation and fixes 48 firewall vulnerabilities. Hackers are already actively exploiting two critical flaws (CVE-2026-20128 and CVE-2026-20122). If you use Cisco equipment, patch now before it is too late! www.linkedin.com/pulse/cisco-...

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
06 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

Cisco has confirmed active exploitation targeting two vulnerabilities in Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20122 and CVE-2026-20128. socradar.io/blog/cisco-c...
Cisco warns of SD-WAN Manager exploitation and fixes 48 firewall vulnerabilities. Hackers are already actively exploiting two critical flaws (CVE-2026-20128 and CVE-2026-20122). If you use Cisco equipment, patch now before it is too late! www.linkedin.com/pulse/cisco-...

Overview

  • timstrifler
  • Exclusive Addons for Elementor

13 Mar 2024
Published
01 Aug 2024
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
6.68%

KEV

Description

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Unmasking the Latest MOVEit Transfer Zero-Day: A Deep Dive into the CVE-2024-1234 SQLi Exploit and Digital Forensics + Video Introduction: The digital supply chain has once again proven to be the Achilles' heel of enterprise security. Recent threat intelligence reports indicate a sophisticated…