CVE Vulnerabilities - 10 May 2026

995 vulnerabilities published on 10 May 2026

WordPress Download From Files Plugin Uploads Malicious Files
CVE-2021-47940
The WordPress Download From Files plugin, versions 1.48 and earlier, allows attackers to upload malicious files without a password. This means that unauthorized users can upload files that could harm ...
9.3
OpenCATS 0.9.4 allows attackers to run malicious code remotely
CVE-2021-47936
An attacker can upload a malicious file to OpenCATS, pretending it's a resume, and then execute system commands without needing a password. This could allow an attacker to access sensitive information...
9.3
WordPress MStore API allows malicious file uploads
CVE-2021-47933
The WordPress MStore API has a security issue that allows hackers to upload malicious files to your server without needing a password. This could let them take control of your server. To fix this, upd...
9.3
TheCartPress: Attackers Can Create Administrator Accounts
CVE-2021-47932
An attacker can create an administrator account on a TheCartPress site without needing a password, allowing them to make changes to the site. This is a serious security risk because an attacker could ...
9.3
OpenCart 3.0.3.8: Hijacked User Sessions via Malicious Cookie
CVE-2021-47923
OpenCart's session management is affected, allowing attackers to take control of user sessions. This can lead to unauthorized access to user accounts. To protect your store, update to the latest versi...
9.3
Debian Linux: Unauthenticated Remote Code Execution via Samba
DEBIAN-CVE-2026-7261
A vulnerability in the Samba file sharing service on Debian Linux allows attackers to execute malicious code on affected systems without being authenticated. This means that hackers can potentially ta...
8.4
PHP SoapServer persistence can cause memory corruption or crashes
CVE-2026-7261
PHP versions 8.2 to 8.5 have a bug that can cause memory corruption or crashes when handling SOAP requests. This can lead to sensitive information being leaked or the system becoming unstable. To fix ...
6.3
Debian Linux: Unprivileged users can read sensitive files
DEBIAN-CVE-2026-6722
A security issue in Debian Linux allows unprivileged users to access sensitive files on the system. This could potentially allow an attacker to gain more access to the system. To fix this issue, updat...
9.4
PHP SOAP Extension Remote Code Execution in Certain Versions
CVE-2026-6722
A vulnerability in PHP's SOAP extension affects certain versions. It allows an attacker to execute malicious code on a server by manipulating SOAP requests. To fix this, update to a supported version ...
9.5
Debian Linux: Unprivileged access to sensitive system files
DEBIAN-CVE-2025-14179
A vulnerability in Debian Linux allows unprivileged users to access sensitive system files. This could potentially allow an attacker to gain elevated privileges and take control of the system. Debian ...
9.9
PHP PDO Firebird driver SQL injection risk in certain versions
CVE-2025-14179
Certain PHP versions with the PDO Firebird driver are at risk of SQL injection attacks. This occurs when an attacker injects malicious code into SQL queries by exploiting the driver's improper handlin...
7.4
PHP PDO Firebird driver SQL injection risk with NUL bytes
UBUNTU-CVE-2025-14179
The PHP PDO Firebird driver can be exploited by attackers to inject malicious SQL code if certain values are not properly handled. This affects PHP versions 8.2 to 8.5 and can lead to unauthorized dat...
9.9
PHP SoapServer Persistence Allows Memory Corruption
UBUNTU-CVE-2026-7261
A bug in PHP's SoapServer allows a malicious SOAP request to potentially cause memory corruption, information disclosure, or crashes in affected systems. This affects PHP versions 8.2 through 8.5, and...
8.4
PHP SOAP Extension Pointer Leak in PHP Versions 8.2 to 8.5
UBUNTU-CVE-2026-6722
The PHP SOAP extension has a bug that can allow an attacker to execute malicious code on your server. This is a serious issue because it can be exploited remotely, without requiring direct access to y...
9.4
rootio-linux: Unauthenticated Root Access on Linux Devices
ROOT-OS-DEBIAN-11-CVE-2026-23112
A security patch has been released for rootio-linux to prevent unauthorized access to Linux devices. This affects users of rootio-linux on Debian 11. To protect your system, update to the latest versi...
9.8
Debian Linux: Unauthenticated Remote Code Execution in libssh2
DEBIAN-CVE-2026-6104
A vulnerability in the libssh2 library used by Debian Linux allows an attacker to execute malicious code on a server without needing a password. This could happen if a server is accessed over the inte...
8.1
PHP mbstring Functions Can Crash or Leak Memory
CVE-2026-6104
PHP versions 8.4 and 8.5 are affected. If a malicious encoding name is passed to certain functions, it can cause a crash or memory leak, potentially exposing sensitive information. Update to the lates...
6.3
PHP: Malicious Encoding Can Cause Crash or Data Exposure
UBUNTU-CVE-2026-6104
PHP versions 8.4 and 8.5 have a bug that can cause a crash or allow an attacker to access sensitive information if a malicious encoding is used. This issue affects websites and applications using PHP,...
8.1
Aero CMS allows attackers to run malicious code
CVE-2022-50944
Aero CMS has a security flaw that lets attackers with a login run their own code on the server. This could lead to unauthorized changes or data theft. To fix this, update Aero CMS to the latest versio...
8.7
CyberPanel 2.1 allows attackers to read files and execute code
CVE-2021-47949
CyberPanel, a web hosting control panel, has a security flaw that lets attackers with a login access sensitive information and run malicious code on the server. This could lead to unauthorized acce...
8.7
TextPattern CMS 4.8.7 allows attackers to run malicious code
CVE-2021-47943
Authenticated attackers can upload malicious files to TextPattern CMS, allowing them to run arbitrary commands on the server. This is a serious security risk because it could give attackers full contr...
8.7
Evolution CMS allows authenticated users to execute system commands
CVE-2021-47939
Authenticated users with module creation permissions in Evolution CMS can inject malicious code to execute system commands. This could allow an attacker to gain unauthorized access or disrupt the syst...
8.7
ImpressCMS Autotasks Interface Allows Malicious PHP Code Execution
CVE-2021-47938
ImpressCMS's administrative interface has a security flaw that lets attackers who have logged in execute their own PHP code on the site. This can be done by submitting a special request with malicious...
8.7
e107 CMS Allows Malicious Theme Files to Execute System Commands
CVE-2021-47937
Authenticated users with theme installation permissions on e107 CMS can upload malicious theme files, which can then execute system commands. This allows attackers to take control of the website. To f...
8.7
Sentry 8.2.0 allows superusers to execute malicious code
CVE-2021-47935
Authenticated superusers in Sentry 8.2.0 can execute malicious code if an attacker sends a specific type of request to the audit log endpoint. This means that if an attacker gains access to a superuse...
8.7