CRITICAL
CVE-2026-4290 (CVSS 9.1) — The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-...
NVD CVE-2026-4290 7d ago
CRITICAL
CVE-2026-10042 (CVSS 9.8) — manga-image-translator contains a remote code execution vulnerability in the shared API server mode ...
NVD CVE-2026-10042 7d ago
CRITICAL
CVE-2026-46376 (CVSS 9.8) — FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users m...
NVD CVE-2026-46376 7d ago
CRITICAL
CVE-2026-10071 (CVSS 9.8) — DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticat...
NVD CVE-2026-10071 7d ago
CRITICAL
CVE-2025-41277 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41277 7d ago
CRITICAL
CVE-2025-41276 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41276 7d ago
CRITICAL
CVE-2025-41275 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41275 7d ago
CRITICAL
CVE-2025-41274 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41274 7d ago
CRITICAL
CVE-2025-41273 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel ...
NVD CVE-2025-41273 7d ago
CRITICAL
CVE-2025-41272 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41272 7d ago
CRITICAL
CVE-2025-41270 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41270 7d ago
CRITICAL
CVE-2025-41269 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41269 7d ago
CRITICAL
CVE-2025-41268 (CVSS 9.1) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Wat...
NVD CVE-2025-41268 7d ago
CRITICAL
CVE-2026-49199 (CVSS 9.8) — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the t...
NVD CVE-2026-49199 7d ago
CRITICAL
CVE-2026-3655 (CVSS 9.8) — The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati...
NVD CVE-2026-3655 7d ago
CRITICAL
CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...
NVD CVE-2026-8732 +1 7d ago
INFO
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
SecurityWeek 4d ago
CRITICAL
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)
CISA KEV CVE-2026-0257 actively-exploited +5 8d ago
CRITICAL
CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...
NVD 23d ago
INFO
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
The Hacker News 6d ago
INFO
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
BleepingComputer 6d ago
INFO
Recent Palo Alto Networks Vulnerability Exploited for Weeks
SecurityWeek 4d ago
INFO
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
rss:unit42 10h ago
CRITICAL
CVE-2026-9874 (CVSS 9.6) — Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potenti...
NVD CVE-2026-9874 8d ago
CRITICAL
CVE-2026-8809 (CVSS 9.8) — The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via ...
NVD CVE-2026-8809 8d ago
CRITICAL
CVE-2026-44881 (CVSS 9.9) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44881 8d ago
CRITICAL
CVE-2026-46840 (CVSS 10) — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions th...
NVD CVE-2026-46840 8d ago
CRITICAL
CVE-2026-46839 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-46839 8d ago
CRITICAL
CVE-2026-46833 (CVSS 9) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46833 8d ago
CRITICAL
CVE-2026-46824 (CVSS 9.9) — Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work...
NVD CVE-2026-46824 8d ago
CRITICAL
CVE-2026-46822 (CVSS 9.9) — Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operatio...
NVD CVE-2026-46822 8d ago
CRITICAL
CVE-2026-46819 (CVSS 9.1) — Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (compo...
NVD CVE-2026-46819 8d ago
CRITICAL
CVE-2026-46817 (CVSS 9.8) — Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmissio...
NVD CVE-2026-46817 8d ago
CRITICAL
CVE-2026-46775 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-46775 8d ago
CRITICAL
CVE-2026-34311 (CVSS 9.8) — Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Appl...
NVD CVE-2026-34311 8d ago
CRITICAL
CVE-2026-45787 (CVSS 9.1) — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3...
NVD CVE-2026-45787 8d ago
CRITICAL
CVE-2026-44477 (CVSS 9.9) — CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. ...
NVD CVE-2026-44477 8d ago
CRITICAL
CVE-2026-24444 (CVSS 9.8) — SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded pas...
NVD CVE-2026-24444 8d ago
CRITICAL
CVE-2026-9813 (CVSS 9.9) — FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the ext...
NVD CVE-2026-9813 8d ago
CRITICAL
CVE-2026-4408 (CVSS 9) — A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers an...
NVD CVE-2026-4408 8d ago
CRITICAL
CVE-2026-48027 (CVSS 9.8) — Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, ...
NVD CVE-2026-48027 +1 9d ago
CRITICAL
CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability (Nx Nx Console)
CISA KEV 10d ago
CRITICAL
CVE-2026-45570 (CVSS 9.6) — go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alp...
NVD CVE-2026-45570 9d ago
CRITICAL
CVE-2026-8175 (CVSS 9.8) — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra...
NVD CVE-2026-8175 9d ago
CRITICAL
CVE-2026-7876 (CVSS 9.1) — IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
NVD CVE-2026-7876 9d ago
CRITICAL
CVE-2026-7524 (CVSS 9.8) — IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of...
NVD CVE-2026-7524 9d ago
CRITICAL
CVE-2025-12686 (CVSS 9.8) — Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter ...
NVD CVE-2025-12686 9d ago
CRITICAL
CVE-2026-8760 (CVSS 9.8) — The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to...
NVD CVE-2026-8760 CVE-2024-11178 9d ago
CRITICAL
CVE-2026-45321: TanStack Unspecified Vulnerability (TanStack TanStack)
CISA KEV CVE-2026-45321 actively-exploited 10d ago
CRITICAL
CVE-2026-8398: Daemon Tools Lite Embedded Malicious Code Vulnerability (Daemon Daemon Tools Lite)
CISA KEV CVE-2026-8398 actively-exploited 10d ago
CRITICAL
CVE-2026-44985 (CVSS 9.6) — Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for th...
NVD CVE-2026-44985 10d ago
CRITICAL
CVE-2026-48689 (CVSS 9.8) — FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the ...
NVD CVE-2026-48689 10d ago
CRITICAL
CVE-2026-3660 (CVSS 9.8) — IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fi...
NVD CVE-2026-3660 10d ago
CRITICAL
CVE-2026-8633 (CVSS 9.8) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-8633 10d ago
CRITICAL
CVE-2026-48904 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users group editing webservice ...
NVD CVE-2026-48904 10d ago
CRITICAL
CVE-2026-48899 (CVSS 9.8) — An improper access check allows privilege escalation through the com_users batch task.
NVD CVE-2026-48899 10d ago
TL;DR
The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce check using the fc-call-nonce nonce, which is publicly embedded into every frontend page via wp_localize_script as the nonc…
CVE-2026-8732