2868 matches found
CVE-2026-49083 WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-49083
Summary: CVE-2026-49083 affects the WordPress LatePoint plugin and is a privilege-escalation vulnerability in versions ≤ 5.5.1. What’s affected: WordPress LatePoint plugin (versions up to and including 5.5.1). Impact (as per provided metrics): CVSS 3.1 base score 7.5 (High), with network attack v...
EUVD-2026-36871
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
EUVD-2026-36866
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
EUVD-2026-36855
Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...
CVE-2026-42665
Summary (CVE-2026-42665): Unauthenticated SQL Injection in the WordPress plugin “WP Data Access” (versions
EUVD-2026-36723
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
PT-2026-49407
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
PT-2026-49547
Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...
PT-2026-49480
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-45328
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass
This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...
CVE-2026-48268
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47982
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47950
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
RHSA-2026:24761 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
Bulletin has no description...
CVE-2026-10721
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
EUVD-2026-35616
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...