🟠 CVE-2026-2931 - High (8.8)

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and acce...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2931/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-4840 - High (8.8)

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr res...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4840/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-4484 - Critical (9.8)

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_data...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4484/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-33287 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33287/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-33285 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33918/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33917/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-33932 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33932/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
