CVE Vulnerabilities - 2 June 2026

32 vulnerabilities published on 2 June 2026

Kirki WordPress Plugin Allows Unwanted Account Access
CVE-2026-8206
The Kirki plugin for WordPress allows attackers to take control of any account on a website. This can happen if an attacker knows the username of a registered user. To fix this, update the Kirki plugi...
9.8
CVE-2026-48962 in rootio-perl - Patched by Root
ROOT-OS-DEBIAN-12-CVE-2026-48962
Root has patched CVE-2026-48962 in the rootio-perl package for Root:Debian:12. Multiple fixed versions available.
7.8
MLflow with Basic Auth Fails to Enforce Authorization Checks
CVE-2026-3198
MLflow 3.9.0 with basic authentication has a security issue where it doesn't properly check permissions for certain sensitive information. This allows any authenticated user to see API keys, endpoint ...
6.5
Zyxel VMG4005-B50B Router: Temporary Denial-of-Service Risk
CVE-2026-3871
A flaw in the router's firmware allows a nearby attacker to temporarily shut down the UPnP feature, disrupting internet connectivity. This affects devices connected to the router that rely on UPnP. Us...
6.5
Zyxel VMG4005-B50B UPnP Buffer Overflow: Temporary Service Disruption
CVE-2026-3870
A flaw in the Zyxel VMG4005-B50B router's UPnP feature allows an attacker on the same network to temporarily shut down the router's UPnP service. This could cause issues with devices relying on UPnP f...
6.5
WordPress plugin allows malicious scripts in image metadata
CVE-2026-3722
The Auto Image Attributes plugin for WordPress has a security flaw that allows attackers with certain permissions to inject malicious code into image metadata. This could potentially allow them to exe...
6.4
DedeCMS download feature allows server to be tricked
CVE-2026-10581
A security issue affects the download feature in DedeCMS version 5.7.88. This issue allows an attacker to trick the server into making unauthorized requests, potentially leading to further security is...
2.1
itsourcecode Fees Management System 1.0 SQL Injection via ID Parameter
CVE-2026-10568
The itsourcecode Fees Management System 1.0 contains a security flaw that allows an attacker to access sensitive data by manipulating the ID parameter in the /manage_payment.php file. This could lead ...
2.1
SourceCodester Pizzafy Ecommerce System 1.0 File Inclusion Risk
CVE-2026-10559
An unknown function in the SourceCodester Pizzafy Ecommerce System 1.0 allows attackers to include unauthorized files, potentially leading to sensitive information exposure or malicious code execution...
2.1
SourceCodester Pizzafy Ecommerce System: Remote File Inclusion Risk
CVE-2026-10558
The Pizzafy Ecommerce System, version 1.0, has a security flaw that allows an attacker to access and include unauthorized files on a website. This could potentially allow an attacker to access sensiti...
2.1
Elunez Eladmin 2.7 Allows Remote Code Execution
CVE-2026-10550
An unknown issue in Elunez Eladmin's Application Deployment Module could allow attackers to execute malicious code remotely. This could happen if an attacker exploits a publicly available exploit. We ...
2.1
itsourcecode Fees Management System 1.0 SQL Injection Risk
CVE-2026-10302
The itsourcecode Fees Management System 1.0 has a security flaw that makes it possible for attackers to manipulate data. This could lead to unauthorized access to sensitive information. We recommend u...
2.1
MetaGPT 0.8.2: Unrestricted Input Can Cause Code Execution
CVE-2026-10566
A security flaw in MetaGPT's message checking function allows an attacker to execute code on a local system. This could be exploited by anyone with access to the affected version of MetaGPT, and a pub...
1.9
NousResearch hermes-agent Credential Pool Authentication Bypass
CVE-2026-10548
A security issue in NousResearch hermes-agent allows an attacker with local access to bypass authentication checks. This could potentially allow unauthorized access to sensitive data. NousResearch has...
1.9
Nextlevelbuilder GoClaw TTS Config Data Exposure Risk
CVE-2026-10583
A vulnerability in Nextlevelbuilder GoClaw version 3.11.3 or earlier allows attackers to trick the server into making unauthorized requests. This could potentially expose sensitive data or disrupt the...
2.0
Simple Custom Login Page plugin for WordPress: Unauthorized CSS Injection
CVE-2026-10100
The Simple Custom Login Page plugin for WordPress versions up to 1.0.3 allows attackers to inject malicious CSS code into the login page, which can be used to trick visitors into revealing their login...
4.4
Slider Revolution plugin for WordPress allows unauthorized plugin deactivation
CVE-2026-9050
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 allows an attacker with a Contributor-level account or above to deactivate any active plugin on the site. This coul...
4.3
Slider Revolution plugin for WordPress exposes sensitive data
CVE-2026-9048
The Slider Revolution plugin for WordPress, used in versions 7.0.0 to 7.0.14, allows attackers with Contributor-level access to access sensitive information like social media passwords and API keys. T...
4.3
itsourcecode Fees Management System 1.0 allows Remote Code Execution
CVE-2026-10301
A security issue in itsourcecode Fees Management System 1.0 could allow an attacker to execute malicious code on your website. This could happen if a user visits a malicious website or clicks on a lin...
2.1
CordysCRM Save Function Cross-Site Scripting Risk
CVE-2026-10567
A security risk has been found in the Save function of CordysCRM, which allows an attacker to inject malicious code. This could happen if an attacker sends a specially crafted request to the system. T...
2.0
Orthanc DICOM Server: Local Buffer Overflow Risk
CVE-2026-10528
A security flaw in Orthanc DICOM Server allows an attacker with local access to potentially cause harm by overflowing a buffer. This issue affects versions up to 1.12.11, and a patch is available to f...
1.9
Open5GS NGAP Handover Allows Remote Attack
CVE-2026-10565
A security issue in Open5GS's NGAP Handover component allows a remote attacker to potentially exploit a weakness in the system. This could allow an attacker to access or disrupt the system, but the at...
1.3
CicadasCMS Task Scheduling Management Module Cross-Site Scripting
CVE-2026-10529
A weakness in CicadasCMS's Task Scheduling Management Module can allow an attacker to inject malicious code into the system. This could potentially allow them to take control of the system or steal us...
1.9
1Panel-dev CordysCRM up to 1.6.2 allows malicious website code execution
CVE-2026-10514
An unknown function in 1Panel-dev CordysCRM allows attackers to inject malicious code into a website, potentially leading to unauthorized actions. This issue affects versions 1.6.2 and earlier. To fix...
1.9
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a us...
CVE-2026-8293
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user'...