Skip to main content

JetBrains IntelliJ IDEA Critical Path Traversal in Workspace ID Handling Leads to Code Execution (CVE-2026-59792)

Scope: JetBrains IntelliJ IDEA Versions Before 2026.1.4 and Before 2026.2

vLLM OpenAI-Compatible API Server Authentication Bypass Allows Unauthenticated AI Inference Access (CVE-2026-48746)

Scope: vLLM Versions 0.3.0 through 0.21.x (Fixed in 0.22.0)

Ultimate Member WordPress Plugin Unauthenticated Blind SQL Injection Exposes Database Contents (CVE-2026-15290)

Scope: Ultimate Member WordPress Plugin Versions up to and Including 2.10.1

WPFunnels WooCommerce Plugin Unauthenticated Log Injection Leads to Remote Code Execution (CVE-2026-14345)

Scope: WPFunnels Funnel Builder for WooCommerce Plugin Versions up to and Including 3.12.7

GitHub Enterprise Server Stored XSS via Markdown Rendering Allows Session Hijacking (CVE-2026-11962)

Scope: GitHub Enterprise Server Versions 3.10.0 to 3.10.10, 3.11.0 to 3.11.7, and 3.12.0 to 3.12.3

WinRAR RAR5 Heap Overflow Enables Remote Code Execution via Malicious Recovery Volume Files (CVE-2026-14191)

Scope: WinRAR, Command-line RAR, and UnRAR (All Versions Prior to 7.23) on Windows, macOS, Linux, An

Veeam Backup and Replication Remote Code Execution via Deserialization Allows Domain User Takeover (CVE-2026-44963)

Scope: Veeam Backup and Replication Version 12.x (All Builds up to and Including 12.3.2.4465) Joined

Subscribe to Advisories