CVE-2021-47933 is a critical unauthenticated arbitrary file upload issue affecting the MStore API WordPress plugin, described as allowing attackers to POST malicious files to a REST API endpoint and potentially reach remote code execution on vulnerable servers. The supplied NVD record maps the issue to CWE-306, and the record’s references point to the plugin page plus external VulnCheck and Exploit-DB mat [truncated]
CVE-2021-47932 is a critical unauthenticated privilege-escalation issue affecting TheCartPress 1.5.3.6. Crafted POST requests to the tcp_register_and_login_ajax action can set tcp_role=administrator, allowing an attacker to create administrator accounts and gain full administrative access without credentials.
CVE-2026-43341 is a Linux kernel vulnerability in net/ipv6 ioam6 trace filling where a schema-length value could wrap around and defeat a remaining-space check. The resulting cursor miscalculation could allow writes past the trace buffer, and the upstream fix keeps the length in a wider integer type so the size checks and cursor math use the full value.
CVE-2026-42208 is a SQL injection vulnerability affecting BerriAI LiteLLM. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-05-08 and set a remediation due date of 2026-05-11. In practical terms, this means defenders should treat it as an actively exploited issue and move quickly on vendor guidance, compensating controls, or removal where mitigation is not available.
CVE-2026-6973 is an Ivanti Endpoint Manager Mobile (EPMM) vulnerability described as improper input validation. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-05-07, which means it is treated as a known-exploited issue and should be addressed urgently. The supplied corpus does not include deeper technical detail or a CVSS score, so defensive response should focus on confirming exposu [truncated]
CVE-2026-29090 is a critical SQL injection issue in Rucio's `FilterEngine.create_postgres_query()` path. When the `postgres_meta` metadata plugin is enabled, authenticated users can supply attacker-controlled filter keys and values through the DID search endpoint and have them interpolated into raw PostgreSQL SQL. The result can include exposure, modification, or deletion of metadata, and in some environm [truncated]
CVE-2026-1952 is a critical-severity vulnerability affecting Delta Electronics AS320T firmware. NVD describes it as a denial-of-service issue tied to an undocumented subfunction, with a network attack vector and no privileges or user interaction required. The NVD record also lists vulnerable AS320T firmware versions prior to 1.16. For industrial or OT environments, this is most important where the device [truncated]
CVE-2026-1951 is a critical Delta Electronics AS320T firmware flaw tied to missing length checks for a directory-name buffer. NVD assigns it CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a remotely reachable issue with no privileges or user interaction required. NVD’s affected CPE range marks AS320T firmware versions earlier than 1.12 as vulnerable. The vendor advisory linked in NVD cover [truncated]
CVE-2026-1950 is a critical vulnerability in Delta Electronics AS320T firmware affecting versions before 1.16. The issue is described as missing length checking on a buffer that handles file names, and NVD maps it to CWE-121 (stack-based buffer overflow). NVD rates the flaw 9.8/CRITICAL with a network attack vector and no privileges or user interaction required, so exposed or remotely reachable devices sh [truncated]
CVE-2026-1949 is a critical vulnerability in Delta Electronics AS320T firmware affecting the web service GET/PUT request handler. The issue is an incorrect calculation of stack buffer size, and the published CVSS vector rates the flaw as network-reachable, unauthenticated, and capable of affecting confidentiality, integrity, and availability. NVD lists firmware versions befo [truncated]
CVE-2026-32201 is a Microsoft SharePoint Server improper input validation vulnerability that CISA has added to the Known Exploited Vulnerabilities (KEV) catalog. KEV inclusion means CISA considers the issue to have known exploitation risk, so this should be treated as an urgent remediation item. The supplied corpus does not include CVSS scoring or deeper technical exploitation details, so defensive priori [truncated]
CVE-2009-0238 is a Microsoft Office remote code execution vulnerability that CISA has placed in its Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is operational urgency: treat it as an actively exploited issue and prioritize vendor-guided mitigation or patching immediately.