160561 matches found
EUVD-2026-36814
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions...
CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
CVE-2026-42411
CVE-2026-42411 affects the WordPress CloudSecure WP Security plugin (versions
EUVD-2026-36810
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions...
CVE-2026-42378 WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability
CVE-2026-42378
CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions
CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions...
EUVD-2026-36808
CVE-2026-40799
CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions
CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions...
CVE-2026-40785
CVE-2026-40785 concerns WordPress AutomatorWP plugin
CVE-2026-40781
CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions...
CVE-2026-39450
CVE-2026-39450 concerns the WordPress FunnelKit Automations plugin, version
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary: When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \\attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...