22475 matches found
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
EUVD-2026-36793
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...
EUVD-2026-36746
PublicCMS V5.202506.d has a Cross Site Scripting XSS vulnerability in the site configuration management module...
CVE-2026-49780
Customer Privilege Escalation in Dokan = 5.0.2 versions...
CVE-2026-48970
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48883
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-48871
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
CVE-2026-45441
Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...
CVE-2026-42658
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
CVE-2026-42651
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-40785
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-39524
Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...
CVE-2026-39489
Author Arbitrary File Download in Download Monitor = 5.1.9 versions...
CVE-2026-39468
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39472
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...
CVE-2026-34901
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2026-34898
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...