148449 matches found
EUVD-2026-39691
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
CVE-2026-56028
CVE-2026-56028 describes an unauthenticated privilege-escalation vulnerability in the WordPress plugin Easy Elements for Elementor – Addons & Website Templates (versions
CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
PT-2026-52744
Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...
CVE-2026-57619
CVE-2026-57619 affects the WordPress Elementor Website Builder plugin (versions ≤ 4.1.3). The issue is a Sensitive Data Exposure vulnerability caused by the component/flow described in the sources. The CVSS 3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, and priv...
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...
PT-2026-52439
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
CVE-2019-5319
creationtimestamp| type| source ---|---|--- 2026-06-24 15:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp2amxhblq2q...
CVE-2026-7165
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...
Astra Linux – Vulnerability in WebKit2GTK
There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. Visiting a malicious website may result in address bar spoofing...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...
Astra Linux – Vulnerability in emacs
A command injection flaw was discovered in the text editor Emacs. This flaw could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirec...
PT-2026-50500
Name of the Vulnerable Software and Affected Versions Cisco Webex App affected versions not specified Description An issue in the browser-based version of the application allows an unauthenticated remote attacker to redirect users to a malicious webpage. This occurs due to improper input validati...
CVE-2026-7516
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
CVE-2026-28301
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...
CVE-2026-48265
This CVE affects Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. It is a DOM-based Cross-Site Scripting (XSS) vulnerability where an attacker can cause malicious JavaScript to run in a victim’s browser by manipulating the DOM. Exploitation requires user interaction (the vi...
CVE-2026-49741
creationtimestamp| type| source ---|---|--- 2026-06-09 11:47:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnu4ssm3pq2p 2026-06-10 03:07:26+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms 2026-06-10 13:15:36+00:00| seen|...