NVD disclosure day
CVE-2021-47940
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
WordPress plugin Download From Files allows unauthenticated attackers to upload malicious files, potentially leading to server compromise. This critical flaw is internet-facing and affects websites using version 1.48 and earlier.
CVE-2021-47936
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
OpenCATS has a critical flaw allowing anyone to upload malicious code disguised as a resume and take control of your system. This is a serious risk for any company using this software for job applications.
CVE-2021-47933
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
WordPress MStore API has a critical flaw letting attackers upload malicious files and take over your website server without needing a login.
CVE-2021-47932
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A WordPress plugin lets anyone create an administrator account on your website without logging in, giving them full control. This affects public-facing sites using the TheCartPress plugin and needs immediate attention.
CVE-2021-47923
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
OpenCart has a critical flaw allowing attackers to hijack user accounts without needing a password. This means customer data and your business could be exposed online.
CVE-2026-6722
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in PHP's SOAP extension could let attackers run their own code on your servers through malicious requests. This is urgent for all PHP installations.