18009 matches found

Nuclei
added 10 hours ago, 34 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

CVSS 6.1, AI score 6.6, EPSS 0.15068
Exploits: 2, References: 2

Nuclei
added 10 hours ago, 25 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.

id: CVE-2020-20988
info:
  name: DomainMOD 4.13.0 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    DomainMOD 4.13.0 is vulnerable to...

CVSS 5.4, AI score 5.9, EPSS 0.02329
Exploits: 1, References: 2

Nuclei
added 10 hours ago, 29 views

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting.

id: CVE-2022-25323
info:
  name: ZEROF Web Server 2.0 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
  impact: |
    Successful exploitation of this...

CVSS 6.1, AI score 6, EPSS 0.10679
Exploits: 2, References: 5

Nuclei
added 10 hours ago, 21 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.

id: CVE-2018-12054
info:
  name: Schools Alert Management Script - Arbitrary File Read
  author: wisnupramoedya
  severity: high
  description: Schools Alert...

CVSS 7.5, AI score 7.2, EPSS 0.8551
Exploits: 4, References: 5

Nuclei
added 10 hours ago, 25 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

CVSS 6.1, AI score 6.1, EPSS 0.04634
Exploits: 2, References: 5

NVD
added yesterday, 6 views

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

Exploits: 0, References: 1

NVD
added yesterday, 4 views

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

Exploits: 0, References: 1

CVE
added yesterday, 2 views

CVE-2026-8876

The CERT/Kb entry for CVE-2026-8876 states that Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js, which decrypt crisis alert keyword data and intervention site data. This is a cryptographic weakness in the affected component, enabling p...

AI score 5.7
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-34162

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

AI score 5.7
Exploits: 0, References: 1

Cvelist
added yesterday, 11 views

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

Exploits: 0, References: 1

ATTACKERKB
added yesterday, 3 views

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

AI score 5.7
Exploits: 0, References: 2

Circl
added yesterday, 3 views

CVE-2026-35083

creationtimestamp | type | source
---|---|---
2026-06-03 12:54:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnf5qnwy422d
2026-06-03 22:00:44+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mng4blz6vn2e...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

Circl
added yesterday, 2 views

CVE-2026-20230

creationtimestamp | type | source
---|---|---
2026-06-03 12:22:10+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-547
2026-06-03 23:03:34+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mng7rwuf3i2c...

CVSS 8.6, AI score 5.8
Exploits: 0, References: 2

Nuclei
added yesterday, 57 views

WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection

WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...

CVSS 9.8, AI score 7.4, EPSS 0.6883
Exploits: 2, References: 5

Circl
added yesterday, 3 views

CVE-2025-14771

creationtimestamp | type | source
---|---|---
2026-06-03 06:01:01+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-545
2026-06-03 11:29:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mneyz2dgnr2o
2026-06-03 14:01:41+00:00 | seen | ...

CVSS 9.9, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 5

Positive Technologies
added yesterday, 3 views

PT-2026-46049

Name of the Vulnerable Software and Affected Versions: Securly Chrome Extension version 3.0.7

Description: The software contains hardcoded, plaintext AES passphrases within the securly.min.js file. These passphrases are used to decrypt intervention site data and crisis alert keyword data...

AI score 5.7
Exploits: 0, References: 4

Circl
added 2 days ago, 4 views

CVE-2026-33245

creationtimestamp | type | source
---|---|---
2026-06-02 21:01:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mndiiziwpy2q
2026-06-02 23:26:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mndqlviq3g23...

CVSS 8, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 2

Circl
added 2 days ago, 2 views

CVE-2026-28573

creationtimestamp | type | source
---|---|---
2026-06-02 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities20260603...

AI score 5.8
Exploits: 0, References: 1

The Hacker News
added 2 days ago, 8 views

How Leading Organizations Are Turning EDR Into Operational Resilience

Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require...

AI score 5.9
Exploits: 0

Circl
added 3 days ago, 4 views

CVE-2026-10248

creationtimestamp | type | source
---|---|---
2026-06-01 13:15:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mna5ytcuww2i...

CVSS 5.8, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 1