| CVE-2024-22447 |
|
16.06.2026 |
6.7 |
| CVE-2025-11694 |
Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities |
16.06.2026 |
|
| CVE-2025-13036 |
Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass |
16.06.2026 |
|
| CVE-2025-14272 |
Rockwell Automation FactoryTalk Analytics PavilionX |
16.06.2026 |
|
| CVE-2026-0646 |
Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities |
16.06.2026 |
|
| CVE-2026-0647 |
Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities |
16.06.2026 |
|
| CVE-2026-10636 |
Use-after-free in Zephyr IPv4 IGMP send path (igmp_send) |
16.06.2026 |
3.7 |
| CVE-2026-10637 |
Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query |
16.06.2026 |
5.9 |
| CVE-2026-10638 |
Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error |
16.06.2026 |
5.9 |
| CVE-2026-10639 |
Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()` |
16.06.2026 |
4.8 |
| CVE-2026-10640 |
Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`) |
16.06.2026 |
4.2 |
| CVE-2026-10831 |
Improper Authorization of Break Signal Commands in Devices |
16.06.2026 |
|
| CVE-2026-11317 |
Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP |
16.06.2026 |
|
| CVE-2026-12398 |
Galaxy_ng: shell injection in legacy role import via unsanitized git ref names |
16.06.2026 |
|
| CVE-2026-47684 |
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP |
16.06.2026 |
7.7 |
| CVE-2026-48780 |
Forem vulnerable to bypass of email address domain restrictions |
16.06.2026 |
8.2 |
| CVE-2026-9307 |
Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities |
16.06.2026 |
|
| CVE-2026-12289 |
Privilege escalation in the Graphics: WebRender component |
16.06.2026 |
|
| CVE-2026-12290 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12291 |
Use-after-free in the Networking: HTTP component |
16.06.2026 |
|
| CVE-2026-12292 |
Incorrect boundary conditions in the Web Audio component |
16.06.2026 |
|
| CVE-2026-12293 |
Use-after-free in the Graphics: WebGPU component |
16.06.2026 |
|
| CVE-2026-12294 |
Sandbox escape in the DOM: Workers component |
16.06.2026 |
|
| CVE-2026-12295 |
Sandbox escape in the DOM: Navigation component |
16.06.2026 |
|
| CVE-2026-12296 |
Sandbox escape in the Security: Process Sandboxing component |
16.06.2026 |
|
| CVE-2026-12297 |
Sandbox escape due to incorrect boundary conditions in the Networking component |
16.06.2026 |
|
| CVE-2026-12298 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12299 |
JIT miscompilation in the DOM: Core & HTML component |
16.06.2026 |
|
| CVE-2026-12300 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12301 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12302 |
Mitigation bypass in the DOM: Security component |
16.06.2026 |
|
| CVE-2026-12303 |
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component |
16.06.2026 |
|
| CVE-2026-12304 |
Same-origin policy bypass in the Networking: Cookies component |
16.06.2026 |
|
| CVE-2026-12305 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12306 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12307 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12308 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12309 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12310 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12311 |
Information disclosure, sandbox escape in the Security: Process Sandboxing component |
16.06.2026 |
|
| CVE-2026-12312 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12313 |
Information disclosure, sandbox escape in the Security: Process Sandboxing component |
16.06.2026 |
|
| CVE-2026-12314 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12315 |
Mitigation bypass in the DOM: Security component |
16.06.2026 |
|
| CVE-2026-12316 |
Mitigation bypass in the DOM: Security component |
16.06.2026 |
|
| CVE-2026-12317 |
Memory safety bug fixed in Firefox 152 |
16.06.2026 |
|
| CVE-2026-12318 |
Incorrect boundary conditions in the Libraries component in NSS |
16.06.2026 |
|
| CVE-2026-12319 |
Denial-of-service in the Audio/Video: Playback component |
16.06.2026 |
|
| CVE-2026-12320 |
Information disclosure in the Password Manager component |
16.06.2026 |
|
| CVE-2026-12321 |
JIT miscompilation in the JavaScript: WebAssembly component |
16.06.2026 |
|
| CVE-2026-12322 |
Clickjacking issue in the Widget: Gtk component |
16.06.2026 |
|
| CVE-2026-12323 |
Spoofing issue in the DOM: Core & HTML component |
16.06.2026 |
|
| CVE-2026-12324 |
Incorrect boundary conditions in the Graphics: CanvasWebGL component |
16.06.2026 |
|
| CVE-2026-12325 |
Denial-of-service in the Graphics: ImageLib component |
16.06.2026 |
|
| CVE-2026-12326 |
Memory safety bugs fixed in Firefox 152 and Thunderbird 152 |
16.06.2026 |
|
| CVE-2026-12327 |
Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 |
16.06.2026 |
|
| CVE-2026-12328 |
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 |
16.06.2026 |
|
| CVE-2026-12329 |
Memory safety bug fixed in Firefox ESR 140.12 |
16.06.2026 |
|
| CVE-2026-12330 |
Incorrect boundary conditions in the Internationalization component |
16.06.2026 |
|
| CVE-2026-53899 |
Cross-origin cookies could be leaked when opening a PDF link |
16.06.2026 |
|
| CVE-2026-53900 |
Cookie injection was possible when opening a PDF link |
16.06.2026 |
|
| CVE-2026-9507 |
Session fixation vulnerability in Enhancesoft's osTicket |
16.06.2026 |
|
| CVE-2026-10828 |
|
16.06.2026 |
|
| CVE-2026-10829 |
|
16.06.2026 |
|
| CVE-2026-12225 |
syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent |
16.06.2026 |
|
| CVE-2026-40750 |
WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability |
16.06.2026 |
9.9 |
| CVE-2026-8484 |
Heap buffer overflow in Jansi |
16.06.2026 |
|
| CVE-2025-68045 |
WordPress WP Event Solution plugin <= 4.1.12 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-10825 |
Improper JSON Input Validation in WebSocket API Leads to Denial of Service |
16.06.2026 |
|
| CVE-2026-2381 |
WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter |
16.06.2026 |
6.5 |
| CVE-2026-39437 |
WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-39490 |
WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39574 |
WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39581 |
WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability |
16.06.2026 |
8.5 |
| CVE-2026-40809 |
WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-49772 |
WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-49774 |
WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability |
16.06.2026 |
9.9 |
| CVE-2026-52711 |
WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52712 |
WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability |
16.06.2026 |
7.6 |
| CVE-2026-52714 |
WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52715 |
WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-54190 |
WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-54191 |
WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-54197 |
WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-54198 |
WordPress Media Library Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-5416 |
Command Injection via name parameter |
16.06.2026 |
8.8 |
| CVE-2026-8176 |
LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset |
16.06.2026 |
7.5 |
| CVE-2026-8442 |
WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter |
16.06.2026 |
8.1 |
| CVE-2025-9912 |
A local privilege escalation vulnerability in Nokia SR Linux |
16.06.2026 |
|
| CVE-2026-10093 |
File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter |
16.06.2026 |
6.4 |
| CVE-2026-46331 |
net/sched: fix pedit partial COW leading to page cache corruption |
16.06.2026 |
|
| CVE-2026-8444 |
WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter |
16.06.2026 |
8.8 |
| CVE-2025-10262 |
An unsanitized format validation vulnerability in Nokia SR Linux |
16.06.2026 |
|
| CVE-2026-10635 |
Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init |
16.06.2026 |
6.3 |
| CVE-2026-10780 |
Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute |
16.06.2026 |
4.3 |
| CVE-2026-50255 |
|
16.06.2026 |
|
| CVE-2026-5149 |
RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter |
16.06.2026 |
6.5 |
| CVE-2026-6933 |
Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation |
16.06.2026 |
8.8 |
| CVE-2026-8443 |
WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter |
16.06.2026 |
8.8 |
| CVE-2026-9187 |
Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter |
16.06.2026 |
5.3 |
| CVE-2026-6964 |
Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action |
16.06.2026 |
5.3 |
| CVE-2026-7273 |
|
16.06.2026 |
8.8 |
| CVE-2026-1764 |
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files |
16.06.2026 |
|
| CVE-2026-1765 |
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files |
16.06.2026 |
|
| CVE-2026-1766 |
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files. |
16.06.2026 |
|
| CVE-2026-1767 |
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags |
16.06.2026 |
|
| CVE-2026-42014 |
Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin |
16.06.2026 |
|
| CVE-2026-12161 |
|
15.06.2026 |
|
| CVE-2026-12162 |
|
16.06.2026 |
|
| CVE-2026-9258 |
|
16.06.2026 |
|
| CVE-2026-9259 |
|
16.06.2026 |
|
| CVE-2026-9260 |
|
16.06.2026 |
|
| CVE-2026-9261 |
|
15.06.2026 |
|
| CVE-2026-9262 |
|
15.06.2026 |
|
| CVE-2026-48723 |
BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json |
16.06.2026 |
7.8 |
| CVE-2026-12205 |
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery |
15.06.2026 |
|
| CVE-2026-48599 |
Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding |
16.06.2026 |
|
| CVE-2026-48853 |
Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc |
16.06.2026 |
|
| CVE-2026-48854 |
Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc |
16.06.2026 |
|
| CVE-2026-53430 |
grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1 |
16.06.2026 |
|
| CVE-2026-11832 |
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce |
15.06.2026 |
|
| CVE-2026-12087 |
Socket versions before 2.041 for Perl have an out-of-bounds heap read |
15.06.2026 |
|
| CVE-2026-48017 |
DbGate: Remote Code Execution via functionName injection in loadReader endpoint |
15.06.2026 |
8.8 |
| CVE-2026-48157 |
Slim has Reflected XSS in the HtmlErrorRenderer |
16.06.2026 |
6.1 |
| CVE-2026-48713 |
i18next-fs-backend: Prototype pollution via crafted missing-key string |
16.06.2026 |
9.1 |
| CVE-2026-48714 |
i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names |
16.06.2026 |
9.1 |
| CVE-2026-5064 |
HP One Agent Software – Security Update |
16.06.2026 |
|
| CVE-2025-59133 |
WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability |
16.06.2026 |
7.5 |
| CVE-2025-60175 |
WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability |
16.06.2026 |
4.4 |
| CVE-2025-68049 |
WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability |
15.06.2026 |
6.3 |
| CVE-2025-68840 |
WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2025-68851 |
WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2025-68872 |
WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2025-69332 |
WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-23970 |
WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-24637 |
WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability |
15.06.2026 |
8.5 |
| CVE-2026-25425 |
WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-25440 |
WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability |
16.06.2026 |
5.3 |
| CVE-2026-27053 |
WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-27089 |
WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-27333 |
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability |
16.06.2026 |
8.1 |
| CVE-2026-27407 |
WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability |
15.06.2026 |
7.2 |
| CVE-2026-34886 |
WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-34891 |
WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-34892 |
WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-34898 |
WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-34900 |
WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-34901 |
WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-34902 |
WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39434 |
WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability |
16.06.2026 |
7.2 |
| CVE-2026-39435 |
WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39441 |
WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39447 |
WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-39449 |
WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39450 |
WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39451 |
WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.3 |
| CVE-2026-39463 |
WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39465 |
WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability |
16.06.2026 |
9.1 |
| CVE-2026-39468 |
WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability |
16.06.2026 |
6.8 |
| CVE-2026-39470 |
WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability |
15.06.2026 |
7.2 |
| CVE-2026-39471 |
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability |
15.06.2026 |
7.2 |
| CVE-2026-39472 |
WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability |
16.06.2026 |
7.2 |
| CVE-2026-39474 |
WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability |
15.06.2026 |
8.8 |
| CVE-2026-39478 |
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability |
16.06.2026 |
8.8 |
| CVE-2026-39480 |
WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39481 |
WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability |
15.06.2026 |
7.2 |
| CVE-2026-39489 |
WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability |
15.06.2026 |
4.4 |
| CVE-2026-39491 |
WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-39492 |
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability |
15.06.2026 |
9.3 |
| CVE-2026-39493 |
WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39498 |
WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability |
16.06.2026 |
7.2 |
| CVE-2026-39499 |
WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability |
15.06.2026 |
7.2 |
| CVE-2026-39502 |
WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability |
15.06.2026 |
9.3 |
| CVE-2026-39503 |
WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39507 |
WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39511 |
WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39512 |
WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39513 |
WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-39514 |
WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39515 |
WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-39518 |
WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-39519 |
WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39524 |
WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39525 |
WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-39527 |
WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability |
15.06.2026 |
5.4 |
| CVE-2026-39530 |
WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-39532 |
WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability |
15.06.2026 |
8.8 |
| CVE-2026-39533 |
WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39534 |
WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-39540 |
WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-39579 |
WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability |
15.06.2026 |
8.8 |
| CVE-2026-39583 |
WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-39584 |
WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-39587 |
WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability |
16.06.2026 |
8.1 |
| CVE-2026-39591 |
WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability |
16.06.2026 |
9.9 |
| CVE-2026-39594 |
WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability |
15.06.2026 |
6.4 |
| CVE-2026-40727 |
WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability |
15.06.2026 |
7.7 |
| CVE-2026-40732 |
WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-40741 |
WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-40743 |
WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40762 |
WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-40766 |
WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability |
15.06.2026 |
8.5 |
| CVE-2026-40767 |
WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-40769 |
WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability |
16.06.2026 |
8.6 |
| CVE-2026-40770 |
WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-40771 |
WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-40772 |
WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability |
16.06.2026 |
10 |
| CVE-2026-40773 |
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-40774 |
WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-40775 |
WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability |
16.06.2026 |
7.3 |
| CVE-2026-40776 |
WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-40779 |
WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability |
16.06.2026 |
7.7 |
| CVE-2026-40781 |
WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-40782 |
WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40785 |
WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-40787 |
WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-40788 |
WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-40789 |
WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-40790 |
WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40791 |
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-40792 |
WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability |
15.06.2026 |
6.3 |
| CVE-2026-40793 |
WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40794 |
WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40795 |
WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40796 |
WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-40798 |
WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability |
15.06.2026 |
9.3 |
| CVE-2026-40799 |
WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability |
15.06.2026 |
5.8 |
| CVE-2026-41556 |
WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42378 |
WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-42381 |
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-42384 |
WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-42386 |
WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-42411 |
WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability |
15.06.2026 |
8.1 |
| CVE-2026-42639 |
WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-42640 |
WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42649 |
WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-42650 |
WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.2 |
| CVE-2026-42651 |
WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability |
16.06.2026 |
6.3 |
| CVE-2026-42655 |
WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-42656 |
WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42657 |
WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42658 |
WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-42659 |
WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42660 |
WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-42661 |
WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability |
16.06.2026 |
8.8 |
| CVE-2026-42662 |
WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42663 |
WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-42664 |
WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability |
16.06.2026 |
8.2 |
| CVE-2026-42665 |
WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-42666 |
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-42667 |
WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-42668 |
WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-42686 |
WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-42687 |
WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability |
16.06.2026 |
8.1 |
| CVE-2026-42688 |
WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42743 |
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42752 |
WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-42775 |
WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-45437 |
WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-45439 |
WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-45441 |
WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-47261 |
Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction |
16.06.2026 |
7.5 |
| CVE-2026-47825 |
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations |
16.06.2026 |
8.6 |
| CVE-2026-48124 |
Cursor Desktop sandbox escape via Claude hook configuration |
15.06.2026 |
|
| CVE-2026-48518 |
MultiJuicer: Login CSRF allows attacker to force victims into their team |
16.06.2026 |
4.3 |
| CVE-2026-48708 |
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination |
16.06.2026 |
7.5 |
| CVE-2026-48709 |
OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration |
15.06.2026 |
3.7 |
| CVE-2026-48835 |
WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-48836 |
WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability |
16.06.2026 |
10 |
| CVE-2026-48838 |
WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-48867 |
WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-48868 |
WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-48870 |
WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-48871 |
WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-48872 |
WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-48873 |
WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-48874 |
WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability |
15.06.2026 |
8.5 |
| CVE-2026-48876 |
WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-48878 |
WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-48880 |
WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-48881 |
WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability |
15.06.2026 |
9.1 |
| CVE-2026-48882 |
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability |
16.06.2026 |
8.5 |
| CVE-2026-48883 |
WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-48885 |
WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-48886 |
WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-48887 |
WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-48889 |
WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability |
16.06.2026 |
8.8 |
| CVE-2026-48964 |
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability |
16.06.2026 |
8.5 |
| CVE-2026-48965 |
WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-48966 |
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-48970 |
WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability |
16.06.2026 |
8.1 |
| CVE-2026-49043 |
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability |
16.06.2026 |
4.7 |
| CVE-2026-49055 |
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability |
16.06.2026 |
7.1 |
| CVE-2026-49056 |
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49061 |
WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-49063 |
WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability |
16.06.2026 |
7.3 |
| CVE-2026-49065 |
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability |
16.06.2026 |
8.2 |
| CVE-2026-49066 |
WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49067 |
WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-49068 |
WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49070 |
WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-49078 |
WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49082 |
WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.4 |
| CVE-2026-49083 |
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49085 |
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49104 |
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49105 |
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-49106 |
WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49109 |
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49110 |
WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-49112 |
WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-49763 |
WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-49764 |
WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-49765 |
WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49766 |
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability |
16.06.2026 |
9.9 |
| CVE-2026-49768 |
WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49769 |
WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-49770 |
WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-49773 |
WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
6.5 |
| CVE-2026-49775 |
WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability |
16.06.2026 |
6.5 |
| CVE-2026-49776 |
WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability |
16.06.2026 |
9.3 |
| CVE-2026-49780 |
WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability |
16.06.2026 |
8.8 |
| CVE-2026-49781 |
WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2026-52692 |
WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52693 |
WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability |
15.06.2026 |
9.3 |
| CVE-2026-52694 |
WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52695 |
WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52697 |
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability |
16.06.2026 |
8.5 |
| CVE-2026-52699 |
WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability |
16.06.2026 |
7.5 |
| CVE-2026-52700 |
WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability |
16.06.2026 |
8.5 |
| CVE-2026-52702 |
WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability |
15.06.2026 |
7.1 |
| CVE-2026-52703 |
WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability |
16.06.2026 |
9.6 |
| CVE-2026-9691 |
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability |
16.06.2026 |
9.8 |
| CVE-2025-55641 |
|
15.06.2026 |
|
| CVE-2025-55642 |
|
15.06.2026 |
|
| CVE-2025-55643 |
|
15.06.2026 |
|
| CVE-2025-55644 |
|
15.06.2026 |
|
| CVE-2025-55645 |
|
15.06.2026 |
|
| CVE-2025-55647 |
|
15.06.2026 |
|
| CVE-2025-55648 |
|
15.06.2026 |
|
| CVE-2025-55649 |
|
15.06.2026 |
|
| CVE-2025-55650 |
|
15.06.2026 |
|
| CVE-2025-55652 |
|
15.06.2026 |
|
| CVE-2025-55660 |
|
15.06.2026 |
|
| CVE-2025-55661 |
|
15.06.2026 |
|
| CVE-2025-55663 |
|
15.06.2026 |
|
| CVE-2025-56814 |
|
15.06.2026 |
|
| CVE-2025-68713 |
|
16.06.2026 |
|
| CVE-2025-70102 |
|
16.06.2026 |
|
| CVE-2026-11931 |
Insecure Permissions on Authentication Token Cache File in Kiro IDE |
15.06.2026 |
|
| CVE-2026-30120 |
|
16.06.2026 |
|
| CVE-2026-30121 |
|
16.06.2026 |
|
| CVE-2026-36213 |
|
16.06.2026 |
|
| CVE-2026-36521 |
|
15.06.2026 |
|
| CVE-2026-36537 |
|
16.06.2026 |
|
| CVE-2026-36670 |
|
16.06.2026 |
|
| CVE-2026-36933 |
|
16.06.2026 |
|
| CVE-2026-37216 |
|
15.06.2026 |
|
| CVE-2026-38060 |
|
15.06.2026 |
|
| CVE-2026-38061 |
|
15.06.2026 |
|
| CVE-2026-38062 |
|
15.06.2026 |
|
| CVE-2026-38063 |
|
15.06.2026 |
|
| CVE-2026-38064 |
|
15.06.2026 |
|
| CVE-2026-38065 |
|
15.06.2026 |
|
| CVE-2026-38329 |
|
16.06.2026 |
|
| CVE-2026-38812 |
|
16.06.2026 |
|
| CVE-2026-39006 |
|
16.06.2026 |
|
| CVE-2026-39007 |
|
16.06.2026 |
|
| CVE-2026-39118 |
|
15.06.2026 |
|
| CVE-2026-39196 |
|
16.06.2026 |
|
| CVE-2026-39197 |
|
15.06.2026 |
|
| CVE-2026-41708 |
Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability |
15.06.2026 |
7.5 |
| CVE-2026-45388 |
|
16.06.2026 |
|
| CVE-2026-45389 |
|
16.06.2026 |
|
| CVE-2026-45390 |
|
16.06.2026 |
|
| CVE-2026-47835 |
Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores |
15.06.2026 |
8.6 |
| CVE-2026-48114 |
Metacat has an unauthenticated SQL injection vulnerability |
15.06.2026 |
9.8 |
| CVE-2026-49952 |
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle |
16.06.2026 |
|
| CVE-2026-49953 |
Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set |
16.06.2026 |
|
| CVE-2026-49954 |
Discuz! X5.0 Local File Inclusion via enable_disable.php Plugin Directory |
16.06.2026 |
|
| CVE-2026-50869 |
|
16.06.2026 |
|
| CVE-2026-50870 |
|
16.06.2026 |
|
| CVE-2026-50871 |
|
16.06.2026 |
|
| CVE-2026-50872 |
|
16.06.2026 |
|
| CVE-2026-50873 |
|
16.06.2026 |
|
| CVE-2026-50874 |
|
15.06.2026 |
|
| CVE-2026-50875 |
|
15.06.2026 |
|
| CVE-2026-50876 |
|
15.06.2026 |
|
| CVE-2026-50877 |
|
16.06.2026 |
|
| CVE-2026-50878 |
|
16.06.2026 |
|
| CVE-2026-50879 |
|
16.06.2026 |
|
| CVE-2026-50880 |
|
16.06.2026 |
|
| CVE-2026-50881 |
|
15.06.2026 |
|
| CVE-2026-50882 |
|
16.06.2026 |
|
| CVE-2026-50883 |
|
16.06.2026 |
|
| CVE-2026-50884 |
|
15.06.2026 |
|
| CVE-2026-50885 |
|
16.06.2026 |
|
| CVE-2026-50886 |
|
16.06.2026 |
|
| CVE-2026-50887 |
|
16.06.2026 |
|
| CVE-2026-50888 |
|
15.06.2026 |
|
| CVE-2026-50889 |
|
15.06.2026 |
|
| CVE-2026-50890 |
|
15.06.2026 |
|
| CVE-2026-50891 |
|
15.06.2026 |
|
| CVE-2026-50892 |
|
15.06.2026 |
|
| CVE-2026-52718 |
Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion |
15.06.2026 |
|
| CVE-2026-52719 |
Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder |
16.06.2026 |
|
| CVE-2026-52720 |
Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb |
15.06.2026 |
|
| CVE-2026-52721 |
Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing |
15.06.2026 |
|
| CVE-2026-52722 |
Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling |
15.06.2026 |
|
| CVE-2026-53703 |
Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser |
15.06.2026 |
|
| CVE-2026-53704 |
Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser |
16.06.2026 |
|
| CVE-2026-53705 |
Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow |
16.06.2026 |
|
| CVE-2026-54292 |
|
15.06.2026 |
|
| CVE-2026-54294 |
|
15.06.2026 |
|
| CVE-2026-54295 |
|
15.06.2026 |
|
| CVE-2026-54296 |
|
15.06.2026 |
|
| CVE-2026-54444 |
|
15.06.2026 |
|