News & Sicurezza

CVE ID :CVE-2026-39696 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39703 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39698 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39697 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39702 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-39700 Published : April 8, 2026, 9:16 a.m. | 39 minutes ago Description :Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Flatpak 1.16.4 fixes sandbox escape and three other security flaws Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads ... Read more Published Date: Apr 08, 2026 (1 day, 2 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-34079 CVE-2026-34078

Multiple OpenSSL Vulnerabilities Exposes Sensitive Data in RSA KEM Handling OpenSSL has released a broad April 2026 security update that fixes seven vulnerabilities across supported branches, led by CVE-2026-31790, a moderate-severity flaw in RSA KEM RSASVE encapsulation that ... Read more Published Date: Apr 08, 2026 (1 day, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-31790 CVE-2026-31789 CVE-2026-28390 CVE-2026-28389 CVE-2026-28388 CVE-2026-28387 CVE-2026-28386

CVE ID :CVE-2026-4483 Published : April 8, 2026, 7:25 a.m. | 31 minutes ago Description :An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified. Severity: 7.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access IBM has released a comprehensive bulletin addressing a series of vulnerabilities within its Verify Identity Access and Security Verify Access product lines. The flaws range from low-impact redirection ... Read more Published Date: Apr 08, 2026 (1 day, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-1346 CVE-2026-1343 CVE-2026-1342 CVE-2026-35616 CVE-2026-4364 CVE-2026-4101 CVE-2026-2862 CVE-2026-1345 CVE-2026-5281 CVE-2026-3502 CVE-2026-33032 CVE-2025-32975

CVE ID :CVE-2026-5506 Published : April 8, 2026, 7:16 a.m. | 39 minutes ago Description :The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5508 Published : April 8, 2026, 7:16 a.m. | 39 minutes ago Description :The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...