3735 matches found
CVE-2026-57624
CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions
CVE-2026-56011
CVE-2026-56011 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin mapPress Maps for WordPress, affected versions are ≤ 2.97.3. The vulnerability is documented across multiple sources (NVD, CVE databases, and PatchStack) with consistent impact: XSS that c...
CVE-2026-52813
Gogs prior to 0.14.3 is vulnerable: organization names containing path traversal sequences (../) cause repositories to be written to arbitrary filesystem locations. By creating nested Git repo structures, an attacker can overwrite a repository’s hooks (notably hooks/update) and trigger Remote Cod...
CVE-2026-10735
CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...
CVE-2026-55255
Langflow4: CVE-2026-55255 describes an IDOR in POST /api/v1/responses that lets an authenticated user execute another user’s flow by supplying the victim’s flow ID. Root cause: get_flow_by_id_or_endpoint_name queries by UUID without verifying ownership in both UUID and endpoint_name paths, enabli...
CVE-2026-28496
CVE-2026-28496 (FOSSBilling) affects versions prior to 0.8.0, where a Server-Side Template Injection (SSTI) in Twig template rendering allows an attacker with access to template-rendering features (email templates, mass mail campaigns, custom payment adapters, string_render API) to inject arbitra...
CVE-2026-7515
CVE-2026-7515 affects the BetterDocs Pro WordPress plugin (
CVE-2026-12569
This CVE affects PTC Windchill PDMlink and PTC FlexPLM (and CPS) with a critical remote code execution via deserialization of untrusted data. Affected versions are Windchill PDMlink and FlexPLM prior to 11.0 M030 (per multiple sources), with remediation to 11.0 M030 or later. The issue is exploit...
CVE-2026-20262
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) exposes an Arbitrary File Write vulnerability in its web UI. An authenticated, lower-privileged user can craft requests to a file-upload API endpoint to create/overwrite files on the OS, with potential for root escalation. Cisco has released...
CVE-2026-48969
CVE-2026-48969 describes a Broken Access Control vulnerability in the WordPress plugin Really Simple SSL prior to or equal to version 9.5.9 . The initial description and connected records confirm the affected product and version range; the CVSS metrics indicate a Network attack vector with Low pr...
CVE-2026-54420
CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...
CVE-2026-48558
Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...
CVE-2026-42653
The CVE-2026-42653 vulnerability affects the WordPress SliceWP plugin (
CVE-2026-39494
The CVE-2026-39494 entry concerns WordPress Product Filter by WBW plugin
CVE-2026-42647
CVE-2026-42647 affects the WordPress plugin JoomSport
CVE-2026-49060
The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...
CVE-2026-10795
UpdraftPlus (WordPress plugin)
CVE-2026-35273
CVE-2026-35273 is a remote, unauthenticated RCE in Oracle PeopleSoft Enterprise PeopleTools Updates Environment Management (PSEMHUB) affecting PeopleTools 8.61 and 8.62. Vendor advisories describe the flaw as a high-severity, network-exposed vulnerability with CVSS v3.1 score 9.8. Exploitation ha...
CVE-2026-20253
Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....
CVE-2026-53435
CVE-2026-53435 affects Jenkins 2.567 and earlier, including LTS 2.555.2 and earlier. The root cause is unsafe deserialization due to a deserialization sink that bypasses a ClassFilter, allowing an attacker who can POST a config.xml to deserialize arbitrary core/plugin types and reach them via HTT...