NVD disclosure day

Published threat advisories for June 15, 2026

CVE advisory: CRITICAL

CVE-2026-52704

WooCommerce PDF Invoice Builder Code Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in a WooCommerce PDF Invoice Builder plugin, enabling remote code inclusion. Attackers can potentially execute arbitrary code, impacting system integrity and availability. It is crucial to identify if this plugin is deployed within the environment to assess its relevance and exposure.

CVE advisory: CRITICAL

CVE-2018-25436

WordPress Plugin Baggage Freight Shipping Australia Unrestricted File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A WordPress plugin has an unrestricted file upload vulnerability, allowing unauthenticated attackers to upload arbitrary files. This could lead to remote code execution if the `upload-package.php` endpoint is reachable. You should care because it enables attackers to run malicious code on your systems without authentic

CVE advisory: CRITICAL

CVE-2026-5482

Responsive FileManager Unrestricted File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Responsive FileManager allows unauthenticated attackers to upload unrestricted file types, potentially leading to remote code execution. As the project is unmaintained, understanding its presence and exposure is crucial for security. Attackers can exploit the `dialog.php` endpoint to execute

CVE advisory: CRITICAL

CVE-2026-49757

AshAuthentication Bypass Allows Account Takeover via OAuth2/OIDC

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An authentication bypass vulnerability exists in team-alembic AshAuthentication, allowing attackers to take over local user accounts via OAuth2/OIDC sign-in by spoofing email addresses. This could grant attackers full local privileges if they can control an OAuth provider account with a victim's email. The relevance an