🚨 EUVD-2026-27167

📊 Score: 9.8/10 (CVSS v3.1)
📦 Product: MoreConvert Pro
🏢 Vendor: MoreConvert
📅 Updated: 2026-05-05

📝 The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the custom...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-27167

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🔴 CVE-2026-5722 - Critical (9.8)

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the custome...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5722/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-25863 - High (7.5)

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration co...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25863/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42154 - High (7.5)

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocatin...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42154/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-42151 - High (7.5)

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. P...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42151/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 EUVD-2026-27163

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: nix, Lix, nix (+7 more)
🏢 Vendor: Lix Project, NixOS
📅 Updated: 2026-05-05

📝 An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated with...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-27163

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-27166

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: nix, nix, nix (+4 more)
🏢 Vendor: NixOS
📅 Updated: 2026-05-05

📝 An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4,...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-27166

#cybersecurity #infosec #euvd #cve #vulnerability

🟠 CVE-2026-44028 - High (7.5)

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44028/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 CVE-2026-41926 (CRITICAL, CVSS 9.3): OS command injection in Shenzhen Yipu WDR201A WiFi Extender allows unauthenticated remote code execution via firewall.cgi. Persistent payloads survive reboots. Restrict access, monitor for fixes. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq #IoTSecurity #CVE

🟠 CVE-2026-6321 - High (7.5)

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6321/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack