363520 matches found
CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
CVE-2026-56025 WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...
CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...
CVE-2026-56011 WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...
CVE-2026-56010 WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...
CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-54847 WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Newsletters = 4.13 versions...
CVE-2026-54846 WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...
CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54835 WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Five Star Restaurant Menu = 2.5.2 versions...
CVE-2026-54837 WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...
CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...
CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
CVE-2026-54827 WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...
CVE-2026-54826 WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
CVE-2026-54825 WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpDataTables = 7.4 versions...
CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-54820 WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...
CVE-2026-52701 WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...
CVE-2026-24547 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...
CVE-2025-68074 WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Image Carousel = 1.0.0.41 versions...
CVE-2025-68064 WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...
CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...
CVE-2025-68052 WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Eagle Booking = 1.3.4.3 versions...
CVE-2025-64637 WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Unauthenticated Content Injection in Auros Core = 5.3.1 versions...
CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...
CVE-2025-64636 WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...
CVE-2025-63079 WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...
CVE-2025-63078 WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability
Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...
CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-4339 SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...
CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-57527 ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...
CVE-2026-45256 Missing permission check in thr_kill2(2)
When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...
CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...
CVE-2026-56773 Teable - Missing Authorization in v2 REST API
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...
CVE-2026-13426 Client4 fails to validate path parameters
The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...
CVE-2026-57940
HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...
CVE-2026-53914
In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...
CVE-2026-57926
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
CVE-2026-57922
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...