🔴 CVE-2026-32999 - Critical (9)
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-7802 - High (8.8)
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🚨 EUVD-2026-32717
📊 Score: 4.3/10 (CVSS v3.1)
📅 Updated: 2026-05-28
📝 A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32717
🚨 EUVD-2026-32718
📊 Score: 4.9/10 (CVSS v3.1)
📅 Updated: 2026-05-28
📝 A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP pass...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32718
🚨 EUVD-2026-32719
📊 Score: 5.3/10 (CVSS v3.1)
📅 Updated: 2026-05-28
📝 A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfB...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32719
🚨 EUVD-2026-32720
📊 Score: 6.8/10 (CVSS v3.1)
📅 Updated: 2026-05-28
📝 A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been r...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32720
🚨 EUVD-2026-32721
📊 Score: 7.0/10 (CVSS v3.1)
📦 Product: json-2-csv
📅 Updated: 2026-05-28
📝 Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32721
🚨 EUVD-2026-32722
📊 Score: 6.5/10 (CVSS v3.1)
📦 Product: Meta Field Block – Display custom fields in the Block Editor without coding
🏢 Vendor: mr2p
📅 Updated: 2026-05-28
📝 The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbi...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32722
🚨 EUVD-2026-32723
📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: Crawlomatic Multipage Scraper Post Generator
🏢 Vendor: CodeRevolution
📅 Updated: 2026-05-28
📝 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the a...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32723
🚨 EUVD-2026-32724
📊 Score: 6.4/10 (CVSS v3.1)
📦 Product: LiveSmart Video Chat Live Video Chat
🏢 Vendor: nhadjidimitrov
📅 Updated: 2026-05-28
📝 The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due to insufficient input s...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32724
TheHackerWire
EUVD Bot
