363767 matches found
CVE-2026-56064
Subscriber SQL Injection in Tourfic = 2.22.5 versions...
CVE-2026-56063
Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...
CVE-2026-56061
Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...
CVE-2026-56043
Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...
CVE-2026-56046
Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...
CVE-2026-56045
Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...
CVE-2026-56047
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-56055
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...
CVE-2026-56044
Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...
CVE-2026-56048
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
CVE-2026-56041
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
CVE-2026-56035
Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...
CVE-2026-56040
Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...
CVE-2026-56031
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-56032
Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...
CVE-2026-56036
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...
CVE-2026-56038
Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...
CVE-2026-56033
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56039
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
CVE-2026-56034
Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...
CVE-2026-56011
Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...
CVE-2026-56026
Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...
CVE-2026-56025
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...
CVE-2026-56027
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56030
Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...
CVE-2026-56010
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...
CVE-2026-56029
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56028
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
CVE-2026-54837
Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...
CVE-2026-54840
Unauthenticated Broken Access Control in Newsletters = 4.13 versions...
CVE-2026-54846
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...
CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
CVE-2026-54839
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54835
Unauthenticated Broken Access Control in Five Star Restaurant Menu = 2.5.2 versions...
CVE-2026-56008
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-54827
Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...
CVE-2026-54832
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
CVE-2026-54833
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
CVE-2026-54831
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-54834
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...
CVE-2026-54825
Unauthenticated SQL Injection in wpDataTables = 7.4 versions...
CVE-2026-54826
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
CVE-2026-45256
When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...
CVE-2026-52701
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
CVE-2026-54820
Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...
CVE-2026-45257
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-4339
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...
CVE-2026-3472
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...
CVE-2026-30041
An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...