
235 matches found

EUVD
added yesterday, 5 views

EUVD-2026-37630

Subscriber SQL Injection in Cornerstone < 7.8.8 versions...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 2

NVD
added yesterday, 3 views

CVE-2026-54185

Subscriber SQL Injection in Cornerstone < 7.8.8 versions...

CVSS 8.5
Exploits: 0, References: 1

Cvelist
added yesterday, 8 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone < 7.8.8 versions...

CVSS 8.5
Exploits: 0, References: 1

CVE
added 2 days ago, 5 views

CVE-2026-49113

The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...

CVSS 8.5, AI score 5.3, EPSS 0.00371
Exploits: 0, References: 1

Nuclei
added 2 days ago, 9 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...

CVSS 9.8, AI score 5.7, EPSS 0.91284
Exploits: 1, References: 4

NVD
added 3 days ago, 5 views

CVE-2026-48874

Subscriber SQL Injection in GamiPress <= 7.8.7 versions...

CVSS 8.5, EPSS 0.00332
Exploits: 0, References: 1

CVE
added 3 days ago, 9 views

CVE-2026-49068

The CVE concerns the WordPress Coupon Affiliates plugin (versions

CVSS 7.5, AI score 5.2, EPSS 0.00398
Exploits: 0, References: 1

EUVD
added 3 days ago, 3 views

EUVD-2026-36867

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions...

CVSS 4.7, AI score 5.2, EPSS 0.00119
Exploits: 0, References: 1

Positive Technologies
added 3 days ago, 6 views

PT-2026-49421

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

CVSS 7.7, AI score 5.2, EPSS 0.00327
Exploits: 0, References: 2

Cvelist
added 6 days ago, 25 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

CVSS 6.9, EPSS 0.00507
Exploits: 0, References: 3

Patchstack
added 2026/06/10 2:37 p.m., 7 views

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions <= 2.7.8...

CVSS 4.7, AI score 5.3, EPSS 0.00119
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/09 12:45 p.m., 5 views

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions <= 7.8.1...

CVSS 7.5, AI score 5.5, EPSS 0.00398
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/02 1:29 p.m., 4 views

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin GamiPress versions <= 7.8.7...

CVSS 8.5, AI score 5.9, EPSS 0.00332
Exploits: 0, Affected Software: 1

NVD
added 2026/05/18 7:16 a.m., 27 views

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, EPSS 0.0019
Exploits: 0, References: 1

Vulnrichment
added 2026/05/14 5:30 a.m., 3 views

CVE-2026-3829 WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

CVSS 5.4, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 3

RedhatCVE
added 2026/04/24 1:22 a.m., 2 views

CVE-2026-28950

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...

CVSS 6.2, AI score 6, EPSS 0.0288
Exploits: 0, References: 1

NVD
added 2026/04/23 3:37 p.m., 1 views

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVSS 9.8, EPSS 0.00972
Exploits: 2, References: 5

Packet Storm
added 2026/04/23 12:00 a.m., 64 views

SocialEngine 7.8.0 Server-Side Request Forgery

SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...

CVSS 8.5, AI score 5.8, EPSS 0.00296
Exploits: 1

ATTACKERKB
added 2026/04/22 6:22 p.m., 4 views

CVE-2026-28950

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device...

AI score 5.8, EPSS 0.0288
Exploits: 0, References: 3

Positive Technologies
added 2026/04/22 12:00 a.m., 1 views

PT-2026-34534

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.8; iOS versions prior to 26.4.2; iPadOS versions prior to 18.7.8; iPadOS versions prior to 26.4.2. Description: A logging issue in the Notification Services system component allowed notifications marked for deletion to be...

CVSS 6.2, AI score 5.4, EPSS 0.0288
Exploits: 0, References: 66