Ping7 Guides
CVE and Network Guides
Defensive self-checks for CVEs, exposed PHP apps, WordPress plugins, DNS, SSL, uptime, IP visibility, and recovery work after a suspected compromise.
Need help after a self-check?
Start with the free guide. If the version is affected, logs look suspicious, or the patch could break production, send the CVE ID and symptoms through CVE Repair. Ping7 work stays defensive: owned systems, approved client environments, patching, compromise review, and cleanup.
- $49 patch call: confirm the affected version, update path, and post-fix check.
- $99 compromise check: review users, uploads, cron, logs, redirects, SSH keys, and suspicious changes.
- $299+ repair: containment, cleanup, hardening, and a written handoff when the site is already impacted.
Latest CVE self-checks
- Branda: CVE-2026-11551 / CVE-2026-9843 / CVE-2026-11911 / CVE-2026-11912 / CVE-2026-12238 / CVE-2022-50972 - CVSS 9.8. CVE-2026-11551 affects Branda through 3.4.29. Confirm the installed version, patch or disable the component, and review password reset events, administrators, and login sessions before closing the issue. Repair help is limited to owned systems and client-approved environments.
- ProxySQL: CVE-2026-48772 / CVE-2026-48773 / CVE-2026-48774 - CVSS 10.0. CVE-2026-48772 affects ProxySQL 2.0.0 through 3.0.8. Patch to 3.0.9 or newer, restrict exposed listeners, and review ProxySQL listeners, crashes, restarts, and frontend access. Repair help is limited to owned systems and client-approved environments.
- Joomla SP Page Builder: CVE-2026-48908 / CVE-2026-48939 / CVE-2017-20252 / CVE-2017-20253 / CVE-2017-20254 / CVE-2017-20255 / CVE-2017-20256 / CVE-2017-20257 / CVE-2017-20258 / CVE-2017-20259 / CVE-2017-20260 / CVE-2017-20261 / CVE-2017-20262 / CVE-2017-20263 / CVE-2017-20264 / CVE-2017-20265 / CVE-2017-20266 / CVE-2017-20267 / CVE-2017-20268 / CVE-2017-20269 / CVE-2017-20270 / CVE-2017-20271 / CVE-2017-20272 / CVE-2017-20273 / CVE-2017-20274 / CVE-2017-20275 / CVE-2017-20276 / CVE-2017-20277 / CVE-2017-20278 / CVE-2017-20279 / CVE-2017-20280 / CVE-2017-20281 / CVE-2017-20282 / CVE-2019-25748 / CVE-2019-25749 / CVE-2019-25750 / CVE-2019-25751 / CVE-2019-25752 / CVE-2019-25753 / CVE-2019-25754 / CVE-2019-25755 / CVE-2019-25756 / CVE-2019-25757 / CVE-2019-25758 / CVE-2019-25759 / CVE-2019-25760 / CVE-2019-25761 / CVE-2019-25762 / CVE-2023-54357 - CVSS 10.0. CVE-2026-48908 affects Joomla SP Page Builder; consult the vendor advisory for the affected versions. Check whether the extension is installed, remove abandoned copies, and review uploads, executable files, and public builder routes. Repair help is limited to owned systems and client-approved environments.
- mcp-pinot: CVE-2026-49257 / CVE-2026-45617 / CVE-2026-44645 / CVE-2026-48716 / CVE-2026-44688 / CVE-2026-44691 / CVE-2026-46580 / CVE-2026-11576 / CVE-2026-12565 - CVSS 10.0. CVE-2026-49257 affects mcp-pinot through 3.0.1. Review Pinot credentials, MCP access logs, and table/config changes, then apply the vendor fix or remove the risky exposure until patched. Repair help is limited to owned systems and client-approved environments.
- BetterDocs Pro: CVE-2026-7515 / CVE-2026-8713 / CVE-2026-56012 / CVE-2026-11395 / CVE-2026-11989 / CVE-2026-4328 / CVE-2026-12137 / CVE-2026-12093 / CVE-2026-3640 / CVE-2024-32949 / CVE-2025-58924 / CVE-2025-58952 / CVE-2025-58953 / CVE-2025-58954 / CVE-2025-60085 / CVE-2025-69105 / CVE-2025-69107 / CVE-2025-69109 / CVE-2025-69110 / CVE-2025-69112 / CVE-2026-40726 / CVE-2026-49081 / CVE-2026-54184 / CVE-2026-54813 / CVE-2026-54818 - CVSS 9.8. CVE-2026-7515 affects BetterDocs Pro through 3.8.0. Confirm the installed version, patch or disable the component, and review PHP files and uploads before closing the issue. Repair help is limited to owned systems and client-approved environments.
- FileRise: CVE-2026-54414 / CVE-2026-54419 / CVE-2026-40455 / CVE-2026-54222 / CVE-2026-55746 / CVE-2026-55741 / CVE-2026-55742 / CVE-2026-55744 / CVE-2026-48788 / CVE-2026-49205 - CVSS 9.8. CVE-2026-54414 affects FileRise before 3.16.0. Patch or remove public exposure, preserve logs, and review shared links, users.txt, upload folders, and new admin users. Repair help is limited to owned systems and client-approved environments.
- pgAdmin 4: CVE-2026-12045 / CVE-2026-12048 / CVE-2026-12044 - CVSS 9.4. CVE-2026-12045 affects pgAdmin 4 9.13 before 9.16. Upgrade to pgAdmin 4 9.16 or newer, then review AI Assistant use, database role privileges, and pgAdmin logs. Repair help is limited to owned systems and client-approved environments.
- Comodo Chromodo Browser: CVE-2016-20088 / CVE-2016-20090 / CVE-2026-39999 / CVE-2026-49290 / CVE-2026-49345 - CVSS 8.5. CVE-2016-20088 affects Comodo Chromodo Browser through 52.15.25.664. Confirm exposure, apply the vendor fix or remove the component, and review Windows services, old browser installs, and updater paths. Repair help is limited to owned systems and client-approved environments.
- pontedilana/php-weasyprint: CVE-2026-49260 / CVE-2026-49286 - CVSS 8.2. CVE-2026-49260 affects pontedilana/php-weasyprint before 2.5.1. Patch the Composer dependency, check which routes generate PDFs, and review composer.lock, PDF generation jobs, and web-server logs. Repair help is limited to owned systems and client-approved environments.
- JimuReport: CVE-2026-36418 / CVE-2026-47103 / CVE-2026-48616 / CVE-2026-48768 / CVE-2026-48814 / CVE-2026-28587 / CVE-2026-20266 - CVSS 10.0. CVE-2026-36418 affects JimuReport 2.3.4 and below through unsafe expression handling. Patch, restrict report execution APIs, and review report templates and server logs. Repair help is limited to owned systems and client-approved environments.
- bus-ticket: CVE-2026-55740 / CVE-2026-54415 / CVE-2026-11407 / CVE-2026-46870 - CVSS 9.8. CVE-2026-55740 affects the Nur-Alam39 bus-ticket PHP application. Public deployments should be taken out of exposure until SQL handling and database credentials are fixed, then database access and records should be reviewed. Repair help is limited to owned systems and client-approved environments.
- Apache Airflow: CVE-2026-50203 / CVE-2026-32966 / CVE-2026-32967 - CVSS 9.8. CVE-2026-50203 affects Apache Airflow SFTP provider workflows where a malicious or compromised SFTP server can influence retrieved paths. Patch the provider and review DAG output directories. Repair help is limited to owned systems and client-approved environments.
- Webmin: CVE-2026-56020 / CVE-2026-56021 / CVE-2026-56022 - CVSS 9.2. CVE-2026-56020 affects Webmin before 2.641. Patch to 2.641 or newer, restrict the Webmin listener, and review login history, miniserv configuration, and certificate-auth users. Repair help is limited to owned systems and client-approved environments.
- JobCareer: CVE-2025-69128 / CVE-2025-69130 / CVE-2025-69135 / CVE-2025-69139 / CVE-2026-12407 / CVE-2026-22335 / CVE-2026-22343 / CVE-2026-27400 / CVE-2026-48967 / CVE-2026-49073 / CVE-2026-49113 / CVE-2026-54185 / CVE-2026-9860 - CVSS 8.8. CVE-2025-69128 affects JobCareer through 7.3. Confirm the installed version, patch or disable the component, and review file access logs and unexpected downloads before closing the incident. Repair help is limited to owned systems and client-approved environments.
- SigmaForms Pro - AI Generated Forms: CVE-2026-52705 / CVE-2024-52488 / CVE-2025-60218 / CVE-2025-69129 / CVE-2026-22327 / CVE-2026-25446 / CVE-2026-25470 / CVE-2026-27041 / CVE-2026-39589 / CVE-2026-40746 / CVE-2026-40747 / CVE-2026-40748 / CVE-2026-40749 / CVE-2026-40783 - CVSS 10.0. CVE-2026-52705 affects SigmaForms Pro - AI Generated Forms through 1.4.5. Confirm the installed version, patch or disable the component, and review upload directories, new PHP files, and web access logs before closing the incident. Repair help is limited to owned systems and client-approved environments.
- MySQL Shell for VS Code: CVE-2026-46850 / CVE-2026-46860 / CVE-2026-46861 - CVSS 9.9. CVE-2026-46850 affects MySQL Shell for VS Code 2026.2.0+9.6.1. Database teams should patch developer tooling and review saved connection profiles and extension access. Repair help is limited to owned systems and client-approved environments.
- Sonaar: CVE-2025-59563 / CVE-2025-69138 / CVE-2026-12165 / CVE-2026-22342 / CVE-2026-24611 / CVE-2026-42629 / CVE-2026-54805 / CVE-2026-27395 / CVE-2026-49058 / CVE-2026-49767 / CVE-2026-54803 / CVE-2026-54807 / CVE-2025-69179 - CVSS 9.8. CVE-2025-59563 affects Sonaar through 4.27.4. Confirm the installed version, patch or disable the component, and review new users, role changes, and administrator sessions before closing the incident. Repair help is limited to owned systems and client-approved environments.
- Avada: CVE-2026-12256 / CVE-2025-69127 / CVE-2026-49108 / CVE-2025-60229 / CVE-2025-60230 / CVE-2025-60231 / CVE-2025-60236 / CVE-2025-69111 / CVE-2026-27429 / CVE-2026-39529 / CVE-2026-40725 / CVE-2026-42380 / CVE-2026-49075 / CVE-2026-49107 / CVE-2026-52706 / CVE-2026-54194 / CVE-2026-54806 / CVE-2025-60205 / CVE-2025-69108 / CVE-2025-69122 - CVSS 9.8. CVE-2026-12256 affects Avada through 3.15.3. Confirm the installed version, patch or disable the component, and review PHP errors, changed files, and unexpected plugin settings before closing the incident. Repair help is limited to owned systems and client-approved environments.
- Motors: CVE-2026-54812 / CVE-2026-54815 / CVE-2026-54819 / CVE-2025-59554 / CVE-2026-22332 / CVE-2026-22340 / CVE-2026-39438 / CVE-2026-39596 / CVE-2026-48875 / CVE-2026-49076 / CVE-2026-49079 / CVE-2026-49080 / CVE-2026-49084 / CVE-2026-54186 / CVE-2026-54187 / CVE-2026-54808 / CVE-2026-54809 / CVE-2026-54811 - CVSS 9.3. CVE-2026-54812 affects Motors through 1.4.109. Confirm the installed version, patch or disable the component, and review database errors, unusual request patterns, and exposed customer or order data before closing the incident. Repair help is limited to owned systems and client-approved environments.
- NGINX: CVE-2026-42055 / CVE-2026-42530 - CVSS 9.2. CVE-2026-42055 affects NGINX proxy and gRPC module configurations in the June 2026 F5 advisory. Review HTTP/2 proxying, gRPC exposure, and edge logs before closing. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-49268: Apache Shiro - DefaultLdapRealm DN construction issue - CVSS 8.8. CVE-2026-49268 affects Apache Shiro through 2.2.0 and 3.0.0-alpha-1 when DefaultLdapRealm builds LDAP Distinguished Names from user input. Upgrade and review LDAP realm templates, authentication logs, and account mappings. Repair help is limited to owned systems and client-approved environments.
- NGINX Gateway Fabric: CVE-2026-11311 / CVE-2026-50107 - CVSS 8.6. CVE-2026-11311 affects NGINX Gateway Fabric configuration generation when NGINX Plus is used as the data plane. Review who can create or modify NginxProxy and AuthenticationFilter resources, patch, and audit recent CRD changes. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-40750: WordPress Kids Online Store theme - dangerous file upload - CVSS 9.9. CVE-2026-40750 affects the WordPress Kids Online Store theme through 0.8.9. Site owners should patch or replace the theme, block script execution from uploads, and review recent files and admin users. Repair help is limited to owned systems and client-approved environments.
- Premmerce Dev Tools: CVE-2026-6933 / CVE-2026-8443 / CVE-2026-8444 / CVE-2026-27333 / CVE-2026-40762 / CVE-2026-39574 / CVE-2026-39581 / CVE-2026-49772 / CVE-2026-49774 / CVE-2026-52715 / CVE-2026-52712 - CVSS 9.9. CVE-2026-6933 affects Premmerce Dev Tools through 2.0. Confirm the installed version, patch or disable the plugin, and review changed files, cron jobs, users, and web server logs before closing the incident. Repair help is limited to owned systems and client-approved environments.
- Hippoo Mobile App for WooCommerce: CVE-2026-49065 / CVE-2026-42411 / CVE-2026-48970 / CVE-2025-59133 / CVE-2026-25425 / CVE-2026-27089 / CVE-2026-34886 / CVE-2026-34891 / CVE-2026-34898 / CVE-2026-39480 / CVE-2026-39503 / CVE-2026-39513 / CVE-2026-39524 / CVE-2026-39533 / CVE-2026-39534 / CVE-2026-40741 / CVE-2026-40767 / CVE-2026-40774 / CVE-2026-40776 / CVE-2026-40781 / CVE-2026-40789 / CVE-2026-42384 / CVE-2026-42666 / CVE-2026-42667 / CVE-2026-42668 / CVE-2026-45441 / CVE-2026-48835 / CVE-2026-48868 / CVE-2026-48872 / CVE-2026-48873 / CVE-2026-48883 / CVE-2026-49056 / CVE-2026-49066 / CVE-2026-49068 / CVE-2026-49070 / CVE-2026-49078 / CVE-2026-49110 / CVE-2026-52692 / CVE-2026-52694 / CVE-2026-52695 / CVE-2026-52699 / CVE-2026-40775 / CVE-2026-49082 / CVE-2026-39450 / CVE-2026-39518 / CVE-2026-40785 / CVE-2026-40788 / CVE-2026-49775 / CVE-2025-68045 / CVE-2026-39490 / CVE-2026-52711 / CVE-2026-2381 / CVE-2026-40809 - CVSS 8.2. CVE-2026-49065 affects Hippoo Mobile App for WooCommerce through 1.9.5. Confirm the installed version, patch or disable the plugin, and review new sessions, booking records, order changes, and account history before closing the incident. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-53864: OpenClaw - Node.js control variable sanitizer bypass - CVSS 8.1. CVE-2026-53864 affects OpenClaw before 2026.5.26. Review workspace .env files, tool environment overrides, and skill environment blocks for unexpected Node.js control variables before re-enabling shared workspaces. Repair help is limited to owned systems and client-approved environments.
- WP BASE Booking: CVE-2026-39587 / CVE-2026-42687 / CVE-2026-49061 / CVE-2026-49112 / CVE-2026-49063 / CVE-2026-39434 / CVE-2026-39470 / CVE-2026-39472 / CVE-2026-39499 / CVE-2026-49083 / CVE-2026-27407 / CVE-2026-40727 / CVE-2026-40779 / CVE-2026-39471 / CVE-2026-39481 / CVE-2026-39498 / CVE-2026-9187 / CVE-2026-8442 - CVSS 8.1. CVE-2026-39587 affects WP BASE Booking through 5.9.0. Confirm the installed version, patch or disable the plugin, and review new users, role changes, and administrator sessions before closing the incident. Repair help is limited to owned systems and client-approved environments.
- AutomatorWP: CVE-2026-42650 / CVE-2025-68840 / CVE-2025-68851 / CVE-2025-68872 / CVE-2026-23970 / CVE-2026-34900 / CVE-2026-34902 / CVE-2026-39435 / CVE-2026-39447 / CVE-2026-39449 / CVE-2026-39463 / CVE-2026-39507 / CVE-2026-39514 / CVE-2026-40732 / CVE-2026-40770 / CVE-2026-40787 / CVE-2026-40791 / CVE-2026-42649 / CVE-2026-42658 / CVE-2026-42775 / CVE-2026-45437 / CVE-2026-48838 / CVE-2026-48867 / CVE-2026-48871 / CVE-2026-48876 / CVE-2026-48885 / CVE-2026-48966 / CVE-2026-49055 / CVE-2026-52702 / CVE-2026-42686 / CVE-2026-39437 / CVE-2026-54191 / CVE-2026-54198 - CVSS 7.2. CVE-2026-42650 affects AutomatorWP through 5.6.7. Confirm the installed version, patch or disable the plugin, and review stored content, redirects, admin sessions, and suspicious script injections before closing the incident. Repair help is limited to owned systems and client-approved environments.
- Feed KuantoKusta for WooCommerce Free: CVE-2026-39441 / CVE-2026-39492 / CVE-2026-39493 / CVE-2026-39502 / CVE-2026-39511 / CVE-2026-39512 / CVE-2026-39519 / CVE-2026-39530 / CVE-2026-40771 / CVE-2026-40798 / CVE-2026-42381 / CVE-2026-42386 / CVE-2026-42639 / CVE-2026-42665 / CVE-2026-45439 / CVE-2026-48886 / CVE-2026-49067 / CVE-2026-49776 / CVE-2026-52693 / CVE-2026-52703 / CVE-2026-27053 / CVE-2026-34901 / CVE-2026-39583 / CVE-2026-39591 / CVE-2026-40772 / CVE-2026-48836 / CVE-2026-49085 / CVE-2026-49104 / CVE-2026-49105 / CVE-2026-49106 / CVE-2026-49109 / CVE-2026-49763 / CVE-2026-49764 / CVE-2026-49765 / CVE-2026-49766 / CVE-2026-49768 / CVE-2026-49769 / CVE-2026-49770 / CVE-2026-49781 / CVE-2026-9691 - CVSS 10.0. CVE-2026-39441 affects Feed KuantoKusta for WooCommerce Free through 5.3. WordPress sites should patch or disable the component, then review database errors, unusual request patterns, and exposed customer or order data before closing the incident. Repair help is limited to owned systems and client-approved environments.
- WooCommerce PDF Invoice Builder: CVE-2026-52704 / CVE-2016-20071 / CVE-2026-49062 / CVE-2026-49111 / CVE-2016-20076 / CVE-2016-20081 / CVE-2018-25437 / CVE-2026-49064 / CVE-2016-20078 / CVE-2016-20080 - CVSS 10.0. CVE-2026-52704 affects WooCommerce PDF Invoice Builder through 2.0.8. Stores should disable or patch the plugin, review generated invoice files and templates, and check administrator activity before reopening payments. Repair help is limited to owned systems and client-approved environments.
- Bludit CMS: CVE-2026-38329 / CVE-2026-50869 - CVSS 9.8. CVE-2026-38329 affects Bludit before 3.18.4 when API plugin file handling is exposed. Review API token use, plugin access, uploaded files, and web-server logs before closing the issue. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48114: Metacat 2.x - unauthenticated SQL injection - CVSS 9.8. CVE-2026-48114 affects Metacat 2.x through 2.19.1 in the harvester registration path. Operators should upgrade to Metacat 3.x, restrict legacy servlet exposure, and review PostgreSQL and repository logs. Repair help is limited to owned systems and client-approved environments.
- Discuz! X5.0: CVE-2026-49952 / CVE-2026-49954 - CVSS 9.3. CVE-2026-49952 affects Discuz! X5.0 releases 20260320 through 20260501. Forum operators should upgrade to 20260510 or newer, restrict administrative paths, and review database backup and restore activity. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-5482: Responsive FileManager - unrestricted file upload to RCE risk - CVSS 9.3. CVE-2026-5482 affects Tecrail Responsive FileManager through 9.14.0. The project was reported as unmaintained at assignment time, so exposed deployments should be removed or isolated and upload directories reviewed. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48714: i18next-http-middleware - remote prototype pollution risk in missing-key handling - CVSS 9.1. CVE-2026-48714 affects i18next-http-middleware before 3.9.7 when missing-key write handling is exposed with vulnerable backend behavior. Upgrade, restrict the handler, and review translation persistence logs for unexpected writes. Repair help is limited to owned systems and client-approved environments.
- PowerPress Podcasting: CVE-2026-24637 / CVE-2026-39465 / CVE-2026-39474 / CVE-2026-39478 / CVE-2026-39532 / CVE-2026-39579 / CVE-2026-40766 / CVE-2026-40769 / CVE-2026-42661 / CVE-2026-42664 / CVE-2026-48874 / CVE-2026-48881 / CVE-2026-48882 / CVE-2026-48889 / CVE-2026-48964 / CVE-2026-49780 / CVE-2026-52697 / CVE-2026-52700 - CVSS 9.1. CVE-2026-24637 affects PowerPress Podcasting through 11.15.10. WordPress owners should confirm the plugin version, patch or disable the component, and review database errors, unusual request patterns, and exposed customer or order data before closing the incident. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-36670: OpenSIPS Control Panel - alias management SQL injection - CVSS 8.8. CVE-2026-36670 affects OpenSIPS Control Panel before 9.3.3. Authenticated users with access to the alias management module can trigger SQL injection behavior, so exposed panels should be upgraded and logs reviewed. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48017: DbGate - authenticated server-side code execution risk - CVSS 8.8. CVE-2026-48017 affects DbGate 7.1.8 and earlier when authenticated users can reach vulnerable server-side runner behavior. Upgrade, limit access to trusted admins, review runner activity, and rotate stored credentials if suspicious use cannot be ruled out. Repair help is limited to owned systems and client-approved environments.
- GStreamer gst-plugins-bad: CVE-2026-52719 / CVE-2026-52720 / CVE-2026-52722 - CVSS 8.8. CVE-2026-52719 affects the VA JPEG decoder in GStreamer gst-plugins-bad before 1.28.4. Systems that parse untrusted media should update packages and review crashes from media thumbnailing or ingestion jobs. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-12204: ShopXO - unauthenticated scheduled task endpoint authorization bypass - CVSS 7.5. CVE-2026-12204 affects ShopXO up to 6.7.1 in app/api/controller/Crontab.php. Stores should restrict scheduled task endpoints, review order/payment state changes, and preserve logs before cleanup. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-5079: multer - denial of service via deeply nested field names - CVSS 7.5. CVE-2026-5079 affects multer upload parsing when deeply nested multipart field names are accepted. Node.js services should update from the affected multer line, enforce upload limits, and monitor upload endpoints for memory pressure. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-20262: Cisco Catalyst SD-WAN Manager - authenticated arbitrary file write - CVSS 6.5. CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager web UI upload handling. The reported path requires valid low-privilege credentials but can create or overwrite files, so exposed management planes need patching and account review. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-54420: LiteSpeed cPanel Plugin - shared hosting privilege escalation risk - CVSS 8.5. CVE-2026-54420 affects LiteSpeed cPanel user-end plugin deployments before 2.4.8, including bundled WHM Plugin deployments before the fixed 5.3.2.1 line. Shared hosts using CloudLinux/CageFS should patch and review cPanel logs because the vendor reported active exploitation. Repair help is limited to owned systems and client-approved environments.
- MariaDB Server: CVE-2026-44168 / CVE-2026-44170 / CVE-2026-44172 / CVE-2026-48163 / CVE-2026-48165 / CVE-2026-44249 / CVE-2026-44893 / CVE-2026-44894 / CVE-2026-45416 / CVE-2026-45673 / CVE-2026-45674 / CVE-2026-46340 / CVE-2026-47691 / CVE-2026-48006 / CVE-2026-48043 / CVE-2026-48059 / CVE-2026-48748 / CVE-2026-50010 / CVE-2026-50011 / CVE-2026-50560 / CVE-2026-47244 / CVE-2026-6428 / CVE-2026-44892 / CVE-2026-11933 / CVE-2026-49261 / CVE-2026-44250 / CVE-2026-44890 - CVSS 10.0. CVE-2026-44168 affects supported MariaDB branches including 10.6, 10.11, 11.4, and 11.8 lines. Confirm the exact server branch, patch to the fixed release, and review database errors or restarts. Repair help is limited to owned systems and client-approved environments.
- BUK TS-G Gas Station Automation System: CVE-2026-12183 / CVE-2026-45060 / CVE-2026-45418 / CVE-2026-47238 / CVE-2026-12131 / CVE-2026-8406 / CVE-2026-38581 - CVSS 9.8. CVE-2026-12183 affects BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux. Treat exposed panels as high risk, restrict access to trusted networks, patch, and review system configuration or administrative changes. Repair help is limited to owned systems and client-approved environments.
- Quest Bot: CVE-2026-47172 / CVE-2026-47174 / CVE-2026-46703 / CVE-2026-53474 / CVE-2026-46519 / CVE-2026-32193 / CVE-2026-11769 / CVE-2026-49818 / CVE-2026-11529 / CVE-2026-48546 / CVE-2026-11816 / CVE-2026-52860 / CVE-2026-46679 / CVE-2026-2049 - CVSS 9.6. CVE-2026-47172 affects Quest Bot before 1.0.3. Review GitHub Actions workflows that promote pull-request builds into privileged Docker deployment jobs. Repair help is limited to owned systems and client-approved environments.
- MDJM Event Management: CVE-2026-7537 / CVE-2026-9851 / CVE-2026-8438 / CVE-2026-8901 / CVE-2026-9829 / CVE-2026-9280 / CVE-2026-7792 / CVE-2026-11603 / CVE-2026-8599 / CVE-2026-9016 / CVE-2026-9848 / CVE-2026-9109 / CVE-2026-5513 - CVSS 7.5. CVE-2026-7537 affects MDJM Event Management for WordPress through 1.7.8.3. Review administrator activity, plugin email attachments, and upload locations for unexpected executable files. Repair help is limited to owned systems and client-approved environments.
- vm2: CVE-2026-47131 / CVE-2026-47135 / CVE-2026-47137 / CVE-2026-47139 / CVE-2026-47140 / CVE-2026-47141 / CVE-2026-47208 / CVE-2026-47209 / CVE-2026-47210 - CVSS 10.0. CVE-2026-47131 affects vm2 before 3.11.4. Services that run untrusted JavaScript should upgrade, isolate sandbox workers, and review logs for unexpected outbound access or worker failures. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-47365: cPanel WP Toolkit - cross-tenant command authorization bypass - CVSS 9.9. CVE-2026-47365 affects WP Toolkit before 6.11.0 as used in cPanel & WHM. Hosting providers should update WP Toolkit, review account boundaries, and check recent wp-toolkit CLI activity. Repair help is limited to owned systems and client-approved environments.
- Apache CXF: CVE-2026-50623 / CVE-2026-50629 / CVE-2026-50631 / CVE-2026-50632 / CVE-2026-50633 / CVE-2026-50634 / CVE-2026-50645 - CVSS 9.8. CVE-2026-50623 affects Apache CXF deployments in the June 2026 advisory batch. Check OAuth2, JMS/JCA, JWS JSON, or attachment handling depending on the module in use, then upgrade to 4.2.2 or 4.1.7. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-53787: Magento Amasty Order Attributes - unauthenticated arbitrary file upload - CVSS 9.8. CVE-2026-53787 affects Amasty Order Attributes for Magento 2 before 4.0.0. Magento stores should patch, review upload directories, and block script execution from media paths. Repair help is limited to owned systems and client-approved environments.
- jmespath.php: CVE-2026-54133 / CVE-2026-54360 - CVSS 9.8. CVE-2026-54133 affects jmespath.php before 2.9.1 when untrusted expressions reach the compiler runtime. Patch and use the non-compiler runtime for user-controlled expressions. Repair help is limited to owned systems and client-approved environments.
- ApostropheCMS: CVE-2026-44990 / CVE-2026-45011 / CVE-2026-45012 / CVE-2026-45013 / CVE-2026-53607 / CVE-2026-53609 / CVE-2026-53608 - CVSS 9.3. CVE-2026-44990 affects ApostropheCMS or a common dependency path in June 2026. Check package versions, trusted base URL, editor content, outbound fetch behavior, and password reset events. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-9067: Schema & Structured Data for WP & AMP - arbitrary media upload - CVSS 9.1. CVE-2026-9067 affects Schema & Structured Data for WP & AMP before 1.60. WordPress sites should update the plugin, review media uploads, and check for unexpected files under wp-content/uploads. Repair help is limited to owned systems and client-approved environments.
- Apache OFBiz: CVE-2026-47342 / CVE-2026-50223 / CVE-2026-25700 / CVE-2026-49498 / CVE-2026-52758 / CVE-2026-9758 - CVSS 8.8. CVE-2026-47342 affects Apache OFBiz versions before 24.09.07. Upgrade to the fixed release and review low-privilege users, role changes, and recent administrative actions. Repair help is limited to owned systems and client-approved environments.
- Parse Server: CVE-2026-47138 / CVE-2026-47248 / CVE-2026-50008 / CVE-2026-53726 - CVSS 8.7. CVE-2026-47138 affects Parse Server deployments in the June 2026 batch. Check version state, public API routes, GraphQL exposure, and server logs before closing the issue. Repair help is limited to owned systems and client-approved environments.
- Spring Security: CVE-2026-41003 / CVE-2026-41695 / CVE-2026-41856 - CVSS 7.6. CVE-2026-41003 affects Spring Security applications that render attacker-influenced SAML relying-party registration values. Review SAML configuration sources and move to fixed Spring Security releases. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-42306: Moby Docker Engine - container networking and firewall exposure - CVSS 7.2. CVE-2026-42306 affects Docker Engine and Moby daemon versions before fixed releases. Review daemon version, published container ports, and host firewall state after upgrade. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-12066: PbootCMS - password recovery exposure - CVSS 5.5. CVE-2026-12066 affects PbootCMS up to 3.2.12 in the member password recovery flow. Review exposed member recovery pages, account changes, admin logins, and vendor patch status. Repair help is limited to owned systems and client-approved environments.
- Ivanti Sentry: CVE-2026-10520 / CVE-2026-10523 - CVSS 10.0. CVE-2026-10520 affects Ivanti Sentry and was added to CISA KEV on 2026-06-11. Confirm version state, restrict management access, patch, and review appliance logs and unexpected accounts. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11561: Apinizer - expression language injection code injection - CVSS 9.8. CVE-2026-11561 affects Apinizer 2026.04.0 before 2026.04.6. API gateway owners should identify exposed Apinizer nodes, upgrade to a fixed release, and review gateway logs, admin activity, and policy changes. Repair help is limited to owned systems and client-approved environments.
- Hippoo Mobile App for WooCommerce: CVE-2026-10580 / CVE-2026-49060 / CVE-2026-39494 / CVE-2026-42647 / CVE-2026-42653 - CVSS 9.8. CVE-2026-10580 affects Hippoo Mobile App for WooCommerce through 1.9.4. Public stores should update to 1.9.5 or newer, then review administrator accounts, WooCommerce API activity, password resets, and payment settings. Repair help is limited to owned systems and client-approved environments.
- UpdraftPlus: CVE-2026-10795 / CVE-2025-6254 / CVE-2026-3018 / CVE-2026-49069 / CVE-2023-33999 - CVSS 9.8. CVE-2026-10795 affects UpdraftPlus through 1.26.4 when the site has been connected to UpdraftCentral. Review remote communication logs, backup activity, plugin changes, and administrator accounts before treating the site as clean. Repair help is limited to owned systems and client-approved environments.
- image-size: CVE-2025-71319 / CVE-2025-71329 / CVE-2025-71330 / CVE-2026-44494 / CVE-2026-44492 / CVE-2026-44487 / CVE-2026-44486 / CVE-2026-44488 / CVE-2026-44496 / CVE-2026-44495 / CVE-2026-44705 / CVE-2026-49982 - CVSS 8.7. CVE-2025-71319 affects image-size through 2.0.2. Node.js apps that inspect untrusted JXL or HEIF uploads should patch or isolate image parsing workers. Repair help is limited to owned systems and client-approved environments.
- GitLab EE: CVE-2026-6552 / CVE-2026-10087 / CVE-2026-7250 / CVE-2026-8589 - CVSS 8.7. CVE-2026-6552 affects GitLab EE Group SAML identity management. Self-managed GitLab owners should upgrade and review group Owner activity, SAML mappings, and recent identity changes. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-40998: Spring Web Services - Jaxp13XPathTemplate XXE via StreamSource and SAXSource - CVSS 8.2. CVE-2026-40998 affects Spring Web Services applications that evaluate XPath over untrusted XML through Jaxp13XPathTemplate with StreamSource or SAXSource. Upgrade and review XML entry points. Repair help is limited to owned systems and client-approved environments.
- Roxy-WI: CVE-2026-45552 / CVE-2026-45556 / CVE-2026-45558 / CVE-2026-45550 / CVE-2026-45564 / CVE-2026-45549 / CVE-2026-45567 / CVE-2026-45565 / CVE-2026-45569 - CVSS 9.9. CVE-2026-45552 affects Roxy-WI install and exporter workflows. Review panel exposure, guest or low-privilege users, stored SSH credentials, and recent infrastructure changes. Repair help is limited to owned systems and client-approved environments.
- Fission: CVE-2026-46614 / CVE-2026-46618 / CVE-2026-50545 / CVE-2026-50563 / CVE-2026-50564 / CVE-2026-50566 / CVE-2026-46612 / CVE-2026-46617 / CVE-2026-49824 / CVE-2026-50570 / CVE-2026-49821 / CVE-2026-49822 / CVE-2026-49823 / CVE-2026-50567 - CVSS 9.9. CVE-2026-46614 affects Fission before 1.23.0 where internal function routes may be exposed through the public router listener. Review ingress, router services, and NetworkPolicy. Repair help is limited to owned systems and client-approved environments.
- Splunk Secure Gateway: CVE-2026-20251 / CVE-2026-53435 / CVE-2026-20253 - CVSS 9.8. CVE-2026-20251 is an unsafe deserialization issue in Splunk Secure Gateway. Confirm the Splunk Enterprise and Secure Gateway versions, patch to the fixed releases, and review app activity and admin logs. Repair help is limited to owned systems and client-approved environments.
- Concrete CMS: CVE-2026-10721 / CVE-2026-38615 / CVE-2026-45062 / CVE-2026-46643 / CVE-2026-46683 - CVSS 9.8. CVE-2026-10721 affects Concrete CMS before 9.5.2 and involves unsafe handling of serialized data. Check the running CMS version, look for recent cache or permission errors, and patch the site. Repair help is limited to owned systems and client-approved environments.
- OpenSSL: CVE-2026-34183 / CVE-2026-45447 / CVE-2026-7383 / CVE-2026-34180 / CVE-2026-45445 / CVE-2026-9076 / CVE-2026-42764 / CVE-2026-42765 - CVSS 9.8. CVE-2026-34183 affects OpenSSL QUIC stacks where repeated PATH_CHALLENGE handling can exhaust memory. Review custom QUIC clients or servers and update affected OpenSSL branches. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-49948: Mem0 self-hosted server - missing authorization on configuration changes - CVSS 8.6. CVE-2026-49948 affects Mem0 self-hosted server versions through 0.2.8. Check exposed server instances, admin/API-key usage, LLM provider settings, embedder settings, and unexpected configuration changes. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-46491: SimpleSAMLphp CAS Server - FileSystemTicketStore path traversal - CVSS 8.6. CVE-2026-46491 affects simplesamlphp-module-casserver before 7.0.3 when the file-based ticket store is used and public CAS validation or proxy endpoints are reachable. Check whether FileSystemTicketStore is enabled, upgrade to 7.0.3, and review PHP filesystem permissions. Repair help is limited to owned systems and client-approved environments.
- BuddyPress: CVE-2026-53673 / CVE-2026-53674 - CVSS 8.6. CVE-2026-53673 affects BuddyPress 14.4.0 private messaging REST API permission checks. Community and membership sites should disable private messaging if needed, review message API access, and update when a fixed release is available. Repair help is limited to owned systems and client-approved environments.
- Spring Data MongoDB: CVE-2026-41717 / CVE-2026-41729 / CVE-2026-41731 / CVE-2026-41732 - CVSS 8.1. CVE-2026-41717 affects Spring Data MongoDB applications that expose annotated repository methods with capture-all placeholders to untrusted input. Upgrade affected branches and search for risky @Query or @Aggregation patterns. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48108: Russh - SSH identification pre-authentication resource handling - CVSS 5.3. CVE-2026-48108 affects Rust services built on russh from 0.34.0-beta.1 up to but not including 0.61.0. Check embedded SSH services, patch russh, and review connection limits around the pre-authentication phase. Repair help is limited to owned systems and client-approved environments.
- Apache HTTP Server: CVE-2026-44631 / CVE-2026-34355 / CVE-2026-34356 / CVE-2026-42536 / CVE-2026-44185 / CVE-2026-48913 / CVE-2026-29167 / CVE-2026-44186 / CVE-2026-42535 - CVSS 9.8. CVE-2026-44631 affects Apache HTTP Server 2.4.0 through 2.4.67 via crafted regular expressions in configuration. Operators should upgrade to 2.4.68 and review regex-heavy vhost, rewrite, and match directives. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-50636: LimeSurvey - RemoteControl invite/remind SQL injection - CVSS 8.8. CVE-2026-50636 affects LimeSurvey RemoteControl invite_participants and remind_participants flows when the RPC interface is enabled and a caller has token update permission. Disable RemoteControl if unused, reduce permissions, and apply the vendor fix. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11616: The Events Calendar for GeoDirectory - Subscriber privilege escalation - CVSS 8.8. The Events Calendar for GeoDirectory CVE-2026-11616 can let a low-privilege WordPress account alter role-related user metadata through the event interest flow. Update to 2.3.29 or newer, then review admin users, role changes, and AJAX logs. Repair help is limited to owned systems and client-approved environments.
- MongoDB Server: CVE-2026-9740 / CVE-2026-9742 / CVE-2026-9741 / CVE-2026-9743 / CVE-2026-9746 / CVE-2026-9747 / CVE-2026-9748 / CVE-2026-9749 / CVE-2026-9750 / CVE-2026-9752 / CVE-2026-9753 / CVE-2026-9754 - CVSS 8.7. CVE-2026-9740 affects MongoDB Server BSON validation logic and can crash mongod before authentication. Public or partner-exposed MongoDB listeners should be patched and checked for unexplained restarts. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-9662: Recover Exit for WooCommerce - Unauthenticated LFI via tpf include path - CVSS 8.1. Recover Exit for WooCommerce exposes a reported local file inclusion path through a POST value that reaches include(). Stores should remove or disable the plugin, check the affected PHP files, and review logs before reopening checkout flows. Repair help is limited to owned systems and client-approved environments.
- Spring Framework: CVE-2026-41851 / CVE-2026-41849 / CVE-2026-41850 - CVSS 7.5. CVE-2026-41851 affects Spring Framework applications that accept user-controlled SpEL expressions and cache parsed expressions. Check rule/formula features, upgrade Spring, and review memory alerts. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-9185: 6Storage Rentals - Unauthenticated tenant profile exposure - CVSS 7.5. 6Storage Rentals may expose tenant profile read or update paths without login. Site owners should disable the plugin, preserve access logs, inspect tenant records, and notify affected users if data changed. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-7556: FV Flowplayer Video Player - Stored XSS review for WordPress sites - CVSS 7.2. FV Flowplayer CVE-2026-7556 should be treated as a stored XSS cleanup and permission review, not as a confirmed unauthenticated RCE. Check plugin version, recent video embeds, editor accounts, and cached pages. Repair help is limited to owned systems and client-approved environments.
- CVE-2016-20063: Simple Personal Message - Authenticated SQL injection in legacy WordPress plugin - CVSS 7.1. CVE-2016-20063 is a legacy Simple Personal Message WordPress plugin SQL injection issue. Check whether the plugin still exists, confirm the installed version, update to 2.0.0 or remove it, and review admin activity and database access if it was exposed. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-52778: YesWiki - Bazar CalcField unsafe formula handling - CVSS 9.8. CVE-2026-52778 affects YesWiki before 4.6.6 through the Bazar CalcField formula calculator. Public YesWiki sites should upgrade, review Bazar forms, and check logs for repeated form submissions or PHP file changes. Repair help is limited to owned systems and client-approved environments.
- CVE-2023-54352: WordPress Seotheme - Unauthenticated Remote Code Execution - CVSS 9.8. CVE-2023-54352 is an unauthenticated RCE in the WordPress Seotheme theme with publicly documented technical indicators. Site owners should check for the known shell IOC, related seoplugins paths, unexpected admins, modified theme files, and web-log hits before cleanup. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-47430: Cordova Plugin InAppBrowser iOS - callback boundary weakness - CVSS 9.5. CVE-2026-47430 affects cordova-plugin-inappbrowser 3.1.0 through 6.0.0 on iOS. Apps that open OAuth, payment, deep-link, or marketing pages in InAppBrowser should upgrade to 6.0.1 and review plugin callback trust boundaries. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-50751: Check Point - deprecated IKEv1 VPN authentication bypass - CVSS 9.3. CVE-2026-50751 affects Check Point Remote Access VPN and Mobile Access deployments that still accept deprecated IKEv1. Check Point reported exploitation in the wild; operators should patch, disable or restrict IKEv1, and review VPN logs from 2026-05-07 onward. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-46490: samlify - SAML AttributeValue XML injection privilege escalation - CVSS 8.7. CVE-2026-46490 affects samlify before 2.13.0. Node.js SAML SSO services should upgrade, review IdP attribute templates, SP role/group mapping, and recent login events where SAML attributes drive authorization. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-40519: Nginx Proxy Manager - certificate plugin command injection - CVSS 7.7. CVE-2026-40519 affects Nginx Proxy Manager certificate plugin setup when an account can manage certificates. Review admin exposure, certificate permissions, DNS challenge credentials, and update to a build containing the upstream fix. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-46440: Flowise - Basic Auth credential brute-force exposure - CVSS 7.5. CVE-2026-46440 affects Flowise before 3.1.2 when exposed Basic Auth can be repeatedly tested without adequate rate limiting. Operators should upgrade, add a real access layer, rotate credentials, and review Flowise flows and stored secrets. Repair help is limited to owned systems and client-approved environments.
- SourceCodester Timetabling: CVE-2026-11471 / CVE-2026-11472 / CVE-2026-11482 / CVE-2026-11483 / CVE-2026-11484 / CVE-2026-11485 / CVE-2026-11486 - CVSS 7.5. SourceCodester Class and Exam Timetabling System 1.0 has SQL injection in its login handling. Public school portals should restrict access, inspect SQL handling, and review logs. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11488: Simple Flight Ticket Booking - checkUser.php SQL Injection - CVSS 7.5. code-projects Simple Flight Ticket Booking System 1.0 has SQL injection in its login handling (checkUser.php). Check stale booking demos, login SQL handling, web logs, and database privileges. Repair help is limited to owned systems and client-approved environments.
- code-projects Online Music Site: CVE-2026-11489 / CVE-2026-11490 - CVSS 7.5. code-projects Online Music Site 1.0 has SQL injection in an admin album action. Check admin path exposure, album changes, logs, and SQL handling. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11474: Student Management System - Unrestricted Upload via stimg - CVSS 7.5. Kushan2k student-management-system may allow dangerous file uploads through the stimg registration image field. Check public/profiles for PHP-like files, block script execution in upload directories, and preserve logs. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11462: BeikeShop Stripe Plugin - Missing Webhook Signature Verification - CVSS 7.5. BeikeShop Stripe plugin callback may process webhook data without verifying the Stripe-Signature header. Store owners should patch, configure the webhook secret, review /callback/stripe logs, and match paid orders against Stripe. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-11456: Chanjet CRM - SQL Injection in system table handling - CVSS 7.3. Chanjet CRM 1.0 has SQL injection in a system table endpoint. Exposed CRM systems should restrict the endpoint, review web logs, and preserve evidence. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-46389: UDS Identity Config - Keycloak client authentication bypass - CVSS 10.0. CVE-2026-46389 affects UDS Identity Config 0.11.0 through 0.26.0. Deployments using the client-kubernetes-secret Keycloak authenticator should update to 0.26.1 and review service-account token activity. Repair help is limited to owned systems and client-approved environments.
- HAX CMS: CVE-2026-46395 / CVE-2026-46399 / CVE-2026-46396 / CVE-2026-46496 / CVE-2026-46398 / CVE-2026-46400 / CVE-2026-46391 / CVE-2026-46392 / CVE-2026-46394 / CVE-2026-46393 / CVE-2026-46493 / CVE-2026-46511 / CVE-2026-46390 - CVSS 9.4. CVE-2026-46395 affects the HAX CMS Node.js backend through 25.0.0. Public HAX CMS operators should upgrade, rotate JWT signing material and site tokens, then review admin activity that may not have normal login events. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-45777: Open XDMoD - unauthenticated remote code execution - CVSS 9.3. CVE-2026-45777 affects Open XDMoD 9.5.0 through 11.0.2. HPC portals should upgrade to 11.0.3 or newer, restrict web access, and review web-server process activity and application logs. Repair help is limited to owned systems and client-approved environments.
- WordPress: CVE-2026-7654 / CVE-2026-5411 / CVE-2026-5415 - CVSS 8.8. CVE-2026-7654 affects the Admin Columns WordPress plugin through 7.0.18. Sites with Contributor or higher accounts should patch to 7.0.19 or newer, then review recent custom-field and account activity. Repair help is limited to owned systems and client-approved environments.
- Lyrion Music Server: CVE-2026-50234 / CVE-2026-50233 / CVE-2026-50232 / CVE-2026-50231 - CVSS 8.7. CVE-2026-50234 affects Lyrion Music Server 9.2.0. Public web UI or CLI exposure should be closed, logs reviewed, and the server moved back to a stable or fixed build. Repair help is limited to owned systems and client-approved environments.
- AWS Aurora PostgreSQL Wrapper: CVE-2026-11400 / CVE-2026-11401 - CVSS 8.6. CVE-2026-11400 affects AWS Advanced JDBC Wrapper for Aurora PostgreSQL versions from 3.0.0 up to but not including 4.0.1. Review wrapper dependency versions, database search_path, and low-privilege function creation. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-8206: Kirki Page Builder — Unauthenticated Admin Account Takeover via Password Reset - CVSS 9.8. In Kirki 6.0.0–6.0.6 the password reset endpoint sends the reset link to an attacker-supplied email address instead of the account owner, so one unauthenticated request can hijack any administrator. The plugin has 500K+ installs and Wordfence reports blocking 222+ attacks per day. Update the plugin, then review password reset events, administrator accounts, and active sessions. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-7465: Spectra / Ultimate Addons for Gutenberg — Contributor-level RCE in block rendering - CVSS 8.8. Authenticated (Contributor+) remote code execution in Spectra Gutenberg Blocks ≤ 2.19.25. Review Contributor accounts, block rendering behavior, and plugin version before reopening publishing access. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-9757: GEO my WP — Unauthenticated SQL Injection via map boundary parameters - CVSS 7.5. SQL injection in GEO my WP (≤ 4.5.5) through map boundary query handling. Public Posts Locator pages should be patched and checked for unusual database access. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-7459: Simple History — Subscriber+ account takeover via REST event context leak - CVSS 7.5. In Simple History ≤ 5.26.0 the react_to_event REST endpoints only verify that the caller is logged in, not per-logger capabilities, so a Subscriber can read password-reset email bodies from logged event context and complete an admin takeover. Update the plugin, then review Subscriber-level accounts and recent password resets. Repair help is limited to owned systems and client-approved environments.
- FreePBX-Cluster-2026-05: FreePBX May 2026 Cluster — 4 CVEs in one day (UCP takeover · CDR SQLi · OAuth bypass · path traversal) - CVSS 9.3. Four FreePBX CVEs were published on the same day. CVE-2026-46376 (9.3) is a pre-auth UCP takeover via hard-coded initial template credentials. CVE-2026-44238 (8.5) is SQL injection in the CDR Reports module via order/sort parameters. CVE-2026-44237 (7.6) is an OAuth bypass: the OAuth2 validateClient() method unconditionally returns true. CVE-2026-44239 (7.6) is PHP path traversal in the Dashboard module's getcontent handler. Fixed versions: 16.0.50 (16.x line) / 17.0.11 (17.x line). Repair help is limited to owned systems and client-approved environments.
- CVE-2026-4290: WP Travel Pro — Unauthenticated Arbitrary User Deletion - CVSS 9.1. Unauthenticated user deletion in WP Travel Pro (≤ 10.6.0). The affected REST permission path can allow destructive user deletion without a valid admin session. Patch to 10.6.1 and audit recent user changes. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-6455: WP Contact Form 7 DB Handler — CSRF → SQLi → Deserialization → Arbitrary File Deletion - CVSS 8.1. The WP Contact Form 7 DB Handler plugin chains four flaws: a CSRF check bypass (the nonce check is skipped when the field is absent), UNION-based SQL injection, PHP object injection, and arbitrary file deletion via path traversal. One admin click on a crafted link can delete wp-config.php and take the entire site down. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-44329: BentoML Docker Build — Dockerfile Injection → Full Host RCE - CVSS 10.0. BentoML's Dockerfile template can mishandle docker.base_image from bento.yaml. Malicious build configuration may alter generated Dockerfile behavior during image builds. Patch BentoML and review build inputs before rebuilding. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-42748: WordPress Triple-9.9: Unrestricted Upload & Path Traversal (3 plugins) - CVSS 9.9. Three separate WordPress plugins with CVSS 9.9 each published on the same day. CVE-2026-42748 is unrestricted file upload; CVE-2026-42756 and CVE-2026-42757 are path traversal vulnerabilities with changed scope (S:C), meaning a compromise can reach beyond WordPress to the wider server. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48027: Nx Console VS Code Extension — Supply Chain Attack (Actively Exploited) - CVSS 9.3. Malicious Nx Console version 18.95.0 was published to VS Code Marketplace for ~18 minutes and OpenVSX for ~36 minutes on May 19, 2026. The compromised extension contained embedded malicious code (CWE-506) that executed at activation. Auto-update users may have installed it. CISA has added this to the Known Exploited Vulnerabilities catalog. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-48172: cPanel/WHM Redis Socket — Unauthenticated Privilege Escalation to Root - CVSS 10.0. Unauthenticated privilege escalation via the Redis Unix socket in cPanel & WHM. Overly permissive socket access can let a local user or a compromised PHP process write root-owned files through Redis. This is the third critical cPanel CVE in 2026. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-4885: Piotnet Addons for Elementor Pro — Unauthenticated File Upload → RCE - CVSS 9.8. Unauthenticated arbitrary file upload in Piotnet Addons for Elementor Pro (≤ 7.1.70). Dangerous PHP-like uploads may execute on common hosting stacks, so owners should patch and inspect upload directories. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-8719: AI Engine Plugin — Subscriber-to-Admin Privilege Escalation - CVSS 8.8. Privilege escalation in the AI Engine WordPress plugin (50,000+ active installs). Missing capability check in MCP OAuth bearer-token path lets any logged-in user, even Subscriber, escalate to Administrator. Patched in v3.4.10. Public registration sites are most exposed. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-42945: NGINX Rift — 18-Year-Old RCE in ngx_http_rewrite_module - CVSS 9.2. Heap buffer overflow in ngx_http_rewrite_module, present in the codebase since 2008. The vulnerable path is reachable only with the affected rewrite configuration pattern, but NGINX's share of roughly a third of all websites makes the exposure broad. Check the running nginx version and review the rewrite directives in every server block. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-41940: cPanel/WHM Pre-Auth CRLF Injection → Root Access - CVSS 9.8. Pre-authentication CRLF injection in cPanel & WHM session handling that leads to root access. Reported impact: 44,000 IPs compromised and 7,135 hit by .sorry ransomware. The Mr_Rot13 Filemanager backdoor persists after patching, so a patched server still needs a compromise review. A second emergency TSR followed on May 8. Repair help is limited to owned systems and client-approved environments.
- CVE-2026-1492: WordPress User Registration & Membership — Auth Bypass → Admin Takeover - CVSS 9.8. Authentication bypass in the User Registration & Membership plugin (60,000+ active installs). An unauthenticated attacker can take over any account, including admin. Patched in 4.2.4; older versions remain exploitable. Repair help is limited to owned systems and client-approved environments.
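Several of the items above end with the same instruction: look in the upload directory for PHP-like files and block script execution there (the stimg profile images, the Piotnet Addons uploads, the Seotheme shell, the Recover Exit include path). The script below is an added example of that hunt, written for this guide; it is not code from any of those plugins. It flags executable PHP extensions in any dotted segment of a name (so avatar.php.jpg is caught, which matters where Apache mod_mime has been told to run it), .htaccess/.user.ini files dropped inside the upload tree, symlinks, and "images" whose bytes contain a PHP open tag. The sample tree, file names and contents are constructed for the demo; point scan_uploads at a real uploads path on your own server.

```python
"""Hunt an upload directory for files that could execute as PHP.

Added example for this guide, not code from any WordPress plugin. The sample
tree built by build_demo_tree() is constructed for the demo.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Extensions that common PHP handlers will execute; matched per dotted segment.
PHP_EXT_RE = re.compile(r"^(php\d?|phtml|phar|phps|pht|inc)$", re.IGNORECASE)
# Files that can re-enable execution or prepend code inside an upload tree.
CONTROL_FILES = {".htaccess", ".user.ini", "php.ini"}
PHP_TAG_RE = re.compile(rb"<\?(php|=)", re.IGNORECASE)

# Apache 2.4 .htaccess fragment that denies these names even if a scan misses
# one. Assumed hardening config for this example, not taken from the page.
HARDENING_HTACCESS = """\
<FilesMatch "\\.(?i:ph(p\\d?|tml|ar|ps|t))$">
    Require all denied
</FilesMatch>
"""


def classify(path: Path) -> list[str]:
    """Return the reasons a single file looks dangerous (empty list = clean)."""
    reasons: list[str] = []
    if path.name in CONTROL_FILES:
        reasons.append("server control file inside upload tree")
    # Check every segment after the first so image.php.jpg is caught too.
    segments = path.name.split(".")
    for seg in segments[1:]:
        if PHP_EXT_RE.match(seg):
            reasons.append(f"php-like extension segment '.{seg}'")
            break
    try:
        head = path.read_bytes()[:65536]  # a tag buried past 64 KiB is unusual
    except OSError:
        return reasons
    if PHP_TAG_RE.search(head):
        reasons.append("php open tag in content")
    return reasons


def scan_uploads(upload_root: str | Path) -> list[tuple[str, list[str]]]:
    """Walk the tree and return (relative path, reasons) for every finding."""
    root = Path(upload_root)
    findings: list[tuple[str, list[str]]] = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():  # may point at wp-config.php or /etc
            findings.append((rel, ["symlink inside upload tree"]))
            continue
        if not path.is_file():
            continue
        reasons = classify(path)
        if reasons:
            findings.append((rel, reasons))
    return findings


def build_demo_tree() -> Path:
    """Constructed sample tree: two clean images and four planted files."""
    root = Path(tempfile.mkdtemp(prefix="uploads-demo-"))
    files = {
        "profiles/alice.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "profiles/bob.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "profiles/stimg_1337.php": b"<?php echo shell_exec($_GET['c']); ?>",
        "profiles/avatar.php.jpg": b"\xff\xd8\xff\xe0<?php system($_POST['x']); ?>",
        "profiles/.htaccess": b"AddType application/x-httpd-php .jpg\n",
        "profiles/logo.gif": b"GIF89a" + b"\x00" * 16 + b"<?=eval($_REQUEST['q']);",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, reasons in scan_uploads(demo_root):
        print(f"{rel}: {'; '.join(reasons)}")
    print("\nSuggested .htaccess for the upload root:\n" + HARDENING_HTACCESS)
```

Preserve the hits rather than deleting them straight away: copy the flagged files out with their timestamps, then remove or quarantine, so web-log review still has something to correlate against.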
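The BeikeShop Stripe item above describes a /callback/stripe handler that processes webhook data without checking the Stripe-Signature header. The code below is an added example for this guide, not BeikeShop's plugin code; it shows the weak handler next to a hardened one that implements Stripe's documented scheme (a `t=<timestamp>,v1=<hex>` header, where v1 is HMAC-SHA256 over `<timestamp>.<raw body>` keyed with the endpoint's signing secret, compared in constant time and rejected outside a replay window). The secret, event body and timestamps are constructed for the demo; demo_header() is a test helper that plays Stripe's signer.

```python
"""Stripe-Signature verification for a webhook callback.

Added example, not BeikeShop code. DEMO_SECRET and DEMO_EVENT are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject otherwise-valid events older than this


def parse_signature_header(header: str) -> tuple[str, list[str]]:
    """Split 't=1700000000,v1=abc...,v0=...' into the timestamp and v1 values."""
    timestamp, v1_sigs = "", []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            v1_sigs.append(value)
    return timestamp, v1_sigs


def compute_v1(raw_body: bytes, timestamp: str, secret: str) -> str:
    """HMAC-SHA256 over the signed payload '<timestamp>.<raw body>'."""
    signed_payload = timestamp.encode() + b"." + raw_body
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_stripe_signature(raw_body: bytes, header: str, secret: str,
                            now: int, tolerance: int = TOLERANCE_SECONDS) -> bool:
    """True only if some v1 signature matches and the timestamp is fresh."""
    timestamp, v1_sigs = parse_signature_header(header)
    if not timestamp.isdigit() or not v1_sigs:
        return False
    expected = compute_v1(raw_body, timestamp, secret).encode()
    # compare_digest keeps the comparison constant-time; checking every v1
    # lets a secret rotation (two live signatures) still validate.
    if not any(hmac.compare_digest(expected, sig.encode()) for sig in v1_sigs):
        return False
    return abs(now - int(timestamp)) <= tolerance


def handle_webhook_unverified(raw_body: bytes) -> dict:
    """The weak pattern: whatever is POSTed becomes a trusted payment event."""
    return json.loads(raw_body)


def handle_webhook(raw_body: bytes, header: str, secret: str,
                   now: int | None = None) -> dict | None:
    """Hardened handler: verify before parsing. None means 'do not mark paid'."""
    now = int(time.time()) if now is None else now
    if not verify_stripe_signature(raw_body, header, secret, now):
        return None
    return json.loads(raw_body)


# Constructed demo data (not a real secret or event).
DEMO_SECRET = "whsec_demo_0123456789abcdef"
DEMO_EVENT = json.dumps({
    "type": "checkout.session.completed",
    "data": {"object": {"id": "cs_demo", "payment_status": "paid"}},
}).encode()
DEMO_NOW = 1_800_000_000


def demo_header(raw_body: bytes = DEMO_EVENT, timestamp: int = DEMO_NOW,
                secret: str = DEMO_SECRET) -> str:
    """Build a header the way Stripe's signer would; test input only."""
    ts = str(timestamp)
    return f"t={ts},v1={compute_v1(raw_body, ts, secret)}"


if __name__ == "__main__":
    good = demo_header()
    print("genuine event accepted:", handle_webhook(DEMO_EVENT, good, DEMO_SECRET, DEMO_NOW) is not None)
    forged = b'{"type":"checkout.session.completed","data":{"object":{"id":"cs_fake","payment_status":"paid"}}}'
    print("forged body with a real header:", handle_webhook(forged, good, DEMO_SECRET, DEMO_NOW))
    print("unverified handler marks the forgery paid:", handle_webhook_unverified(forged)["data"]["object"]["id"])
```

Two details matter in practice: verify over the raw request bytes, not a re-serialized JSON object, because any whitespace change breaks the HMAC; and treat a verified event as a pointer to look the session up via the Stripe API rather than trusting the embedded amounts, which is the reconciliation step the item above calls "match paid orders against Stripe".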
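Many of the WordPress items above (Kirki, Simple History, AI Engine, User Registration & Membership, The Events Calendar for GeoDirectory, Admin Columns) end in an administrator account the site owner never created or a low-privilege account whose role metadata was rewritten. The script below is an added example for this guide of the "review admin users and role changes" step; it is not code from any of those plugins. WordPress stores roles in wp_usermeta as a PHP-serialized array under `<prefix>capabilities` and mirrors the role as `<prefix>user_level` (10 for administrators), so an administrator row with no user_level, or one left at a subscriber's level, is a sign the capabilities row was written outside WordPress's own APIs. The tables and rows are built in an in-memory sqlite3 database to mimic wp_users/wp_usermeta for the demo; on a live site run the same two SELECT statements against MySQL, and the incident-window date is an assumption you replace with your own.

```python
"""List WordPress administrators and flag suspicious ones.

Added example for this guide, not plugin code. build_demo_db() constructs
sample wp_users / wp_usermeta rows; the 2026-05-07 incident window is assumed.
"""
from __future__ import annotations

import re
import sqlite3
from datetime import datetime

# PHP-serialized role array, e.g. a:1:{s:13:"administrator";b:1;}
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_serialized(value: str) -> list[str]:
    """Extract the enabled role names from a serialized capabilities value."""
    return ROLE_RE.findall(value)


def find_admins(conn: sqlite3.Connection, prefix: str = "wp_",
                since: str | None = None) -> list[dict]:
    """Return every administrator with a list of flags worth a second look.

    prefix is the table/meta prefix from wp-config.php (trusted config, not
    user input); since is 'YYYY-MM-DD HH:MM:SS' marking the incident window.
    """
    since_dt = datetime.fromisoformat(since) if since else None
    user_level = dict(conn.execute(
        f"SELECT user_id, meta_value FROM {prefix}usermeta WHERE meta_key = ?",
        (prefix + "user_level",)))
    rows = conn.execute(
        f"SELECT u.ID, u.user_login, u.user_email, u.user_registered, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ?", (prefix + "capabilities",))
    admins = []
    for uid, login, email, registered, caps in rows:
        roles = roles_from_serialized(caps)
        if "administrator" not in roles:
            continue
        flags: list[str] = []
        if since_dt and datetime.fromisoformat(registered) >= since_dt:
            flags.append("registered inside incident window")
        level = user_level.get(uid)
        if level is None:
            flags.append("no user_level meta")        # row inserted directly into the DB
        elif level != "10":
            flags.append(f"user_level {level} != 10")  # promoted via metadata, not wp_update_user
        if len(roles) > 1:
            flags.append("multiple roles: " + ",".join(roles))
        admins.append({"id": uid, "login": login, "email": email,
                       "registered": registered, "roles": roles, "flags": flags})
    return admins


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample: a real owner, an editor, a planted admin, a promoted subscriber."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", [
        (1, "owner", "owner@example.com", "2021-03-02 10:00:00"),
        (2, "editor_jane", "jane@example.com", "2023-06-11 09:30:00"),
        (3, "wp_support", "x@mail.invalid", "2026-05-20 03:14:07"),
        (4, "subscriber_bob", "bob@example.com", "2024-01-05 12:00:00"),
    ])
    conn.executemany("INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)", [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'), (1, "wp_user_level", "10"),
        (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),         (2, "wp_user_level", "7"),
        (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),  # no user_level row
        (4, "wp_capabilities", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),
        (4, "wp_user_level", "0"),
    ])
    return conn


if __name__ == "__main__":
    for admin in find_admins(build_demo_db(), since="2026-05-07 00:00:00"):
        marker = "  <-- " + "; ".join(admin["flags"]) if admin["flags"] else ""
        print(f"{admin['id']:>3} {admin['login']:<16} {admin['registered']}{marker}")
```

A clean result still only proves the database looks right: pair it with a session and password-reset review, since the takeovers above leave the original administrator row intact and only the credentials or sessions change.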
Recovery and network guides
- How to Find Hidden Backdoors on Your Linux Server After a Hack - SSH keys, cron persistence, rogue systemd units, web shells, binary changes, and evidence handling after a suspected compromise.
- Hacked cPanel Server: Step-by-Step Recovery Playbook - Contain the incident, preserve evidence, hunt IOCs, clean persistence, restore service, and harden WHM/cPanel.
- WordPress Site Hacked: Recovery Guide - Hidden admins, malicious theme files, redirects, spam injections, blacklist warnings, and recovery steps for WordPress sites.
- .sorry Ransomware Extension Files Explained - What .sorry files mean, how to confirm server impact, and when a cPanel compromise review is needed.
- Mr_Rot13 Filemanager Backdoor: Signatures and IOCs - Known filenames, locations, persistence clues, and defensive checks for the Mr_Rot13 backdoor family.
- How to Use Google Search Console for SEO - Verify a domain, read Performance and Coverage reports, and use URL Inspection for urgent pages.
- What Is My IP Address? - Visible IP address basics, VPN impact, and what an IP address does and does not reveal.
- How to Check If Your VPN Is Leaking Your IP - Check visible IP, DNS leak symptoms, and browser conditions that can expose network details.
- How to Check If a Website Is Down - Read HTTP status, DNS issues, response timing, and local network failures before blaming the host.
- How to Run a Ping Test Online - Use ping results to understand reachability, latency, packet loss, and basic routing problems.
- How to Check DNS Records Online - Read A, AAAA, MX, TXT, NS, CNAME, and common DNS records for troubleshooting.
- How to Check If an SSL Certificate Is Valid - Review certificate issuer, expiry, hostname match, chain status, and common HTTPS warnings.
- How to Use WHOIS to Look Up Domain Information - Understand registrar, nameserver, registration, and privacy fields in WHOIS data.
- How to Look Up an IP Address Location - Use IP geolocation, ASN, DNS, and WHOIS together without overtrusting location accuracy.