364116 matches found
CVE-2026-49083
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-49110
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
CVE-2026-49085
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
CVE-2026-49112
Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...
CVE-2026-49106
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
CVE-2026-49109
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
CVE-2026-49104
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
CVE-2026-49082
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-49105
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
CVE-2026-49061
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...
CVE-2026-49067
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...
CVE-2026-49063
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-49068
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...
CVE-2026-49066
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
CVE-2026-49078
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
CVE-2026-49065
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...
CVE-2026-49070
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
CVE-2026-48966
Unauthenticated Cross Site Scripting XSS in Funnel Builder by FunnelKit = 3.15.0.2 versions...
CVE-2026-49043
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
CVE-2026-48965
Subscriber Sensitive Data Exposure in XCloner = 4.8.6 versions...
CVE-2026-48889
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-49056
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...
CVE-2026-48970
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48964
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-49055
Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...
CVE-2026-48878
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...
CVE-2026-48887
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48883
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48876
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-48880
Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...
CVE-2026-48882
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48881
Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...
CVE-2026-48886
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
CVE-2026-48885
Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...
CVE-2026-48871
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
CVE-2026-48838
Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...
CVE-2026-48873
Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...
CVE-2026-48870
Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-48867
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...
CVE-2026-48874
Subscriber SQL Injection in GamiPress = 7.8.7 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-48708
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...
CVE-2026-48709
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...
CVE-2026-48836
Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...
CVE-2026-48835
Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...
CVE-2026-48518
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...
CVE-2026-48124
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...
CVE-2026-47825
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...
CVE-2026-47261
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...