415 matches found
CVE-2026-14403
creationtimestamp| type| source ---|---|--- 2026-07-02 00:18:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpmqzc7uwk2k 2026-07-02 08:25:21+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-02 16:51:23+00:00| seen|...
WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Child Theme Wizard versions = 1.4...
PT-2026-52825
Name of the Vulnerable Software and Affected Versions Child Theme Wizard versions 1.4 and earlier Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to force users to execute unwanted actions. CSRF is a type of attack that tricks a victim into submitting...
EUVD-2026-35091
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing...
UBUNTU-CVE-2026-54516
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...
EUVD-2026-38590
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...
CVE-2026-11833
Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46068 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46068 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
PT-2026-50801
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...
EUVD-2025-210253
Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...
EUVD-2026-37592
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-48869
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
CVE-2026-40723
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-35265
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successfu...
CVE-2025-69122
CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...
CVE-2026-39574
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
PT-2026-50113
Unauthenticated PHP Object Injection in Roisin = 1.4 versions...
PT-2026-50081
Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...
PT-2026-49510
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...