ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection

WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

CVE-2026-50195

creationtimestamp| type| source ---|---|--- 2026-06-19 01:31:49+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mom72udh7u25 2026-06-19 09:11:46+00:00| seen| https://bsky.app/profile/canartuc.com/post/3momyrcpuo42y 2026-06-19 10:03:46+00:00| seen|...

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

CVE-2026-54223

creationtimestamp| type| source ---|---|--- 2026-06-18 05:55:00+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-54219 2026-06-18 16:08:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mol7lg5tfb27...

EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-47340

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVE-2026-54803

CVE-2026-54803 affects the WordPress plugin SMS Alert Order Notifications up to version 3.9.4, with a subscriber privilege escalation vulnerability. Documents confirm affected product (WordPress plugin), vulnerable component (the plugin’s order notifications), and impact (privilege escalation for...

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-54802

CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions

CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVE-2026-46766

creationtimestamp| type| source ---|---|--- 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8...

CVE-2026-46832

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-17 20:07:08+00:00| seen|...

CVE-2026-46875

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8...