4 vulnerabilities scored HIGH or above on May 25, 2026.

  • HIGH: 4

[HIGH] crocoblock/jetengine

CVE-2026-42774 | CVSS 9.3

Crocoblock JetEngine plugin versions 3.8.8.1 and earlier contain a SQL injection vulnerability (CVE-2026-42774, CVSS 9.3) that allows attackers to execute arbitrary SQL commands. Website administrators and organizations running WordPress with JetEngine should immediately update to the latest patched version to prevent potential database compromise. Given the theoretical availability of exploitation code, this update should be treated as high priority, particularly for instances handling sensitive data.



[HIGH] emagicone/emagicone_store_manager

CVE-2026-42773 | CVSS 9.3

eMagicOne Store Manager plugin versions 1.3.2 and earlier contain a blind SQL injection vulnerability (CVE-2026-42773, CVSS 9.3) that allows attackers to query and manipulate backend databases without direct output visibility. E-commerce administrators using WordPress with the Store Manager Connector plugin should update immediately to patched versions to prevent unauthorized database access or data theft. Given the high severity rating and theoretical exploit availability, this update should be prioritized for all affected installations.



[HIGH] krajowa_izba_rozliczeniowa/szafir_sdk

CVE-2026-9058 | CVSS 9.3

Szafir SDK versions prior to 463 contain a cryptographic verification bypass vulnerability (CVE-2026-9058, CVSS 9.3) where the signature verification process returns a success status code even when the signer’s certificate trust status cannot be established. Organizations and applications using Szafir SDK for digital signature validation should immediately upgrade to version 463 or later to prevent acceptance of unverified or forged signatures. This vulnerability could allow attackers to forge digitally signed documents or communications that would be incorrectly validated as legitimate.



[HIGH] totolink/a8000ru

CVE-2026-9476 | CVSS 9.3

Totolink A8000RU router firmware version 7.1cu.643_b20200521 contains an OS command injection vulnerability (CVE-2026-9476, CVSS 9.3) in the web management interface that allows remote attackers to execute arbitrary system commands via the admpass parameter. Network administrators managing Totolink A8000RU devices should immediately apply available firmware updates and restrict access to the web management interface to trusted networks. Given the public availability of exploit code and remote exploitability, this vulnerability should be addressed with priority to prevent unauthorized system compromise.
