|
4901
|
4.3 |
MEDIUM
Network
|
-
|
-
|
DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-399
Resource Management Errors
|
CVE-2026-41983
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4902
|
5.2 |
MEDIUM
Local
|
-
|
-
|
UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
|
CWE-284
Improper Access Control
|
CVE-2026-41984
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4903
|
5.1 |
MEDIUM
Local
|
-
|
-
|
UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
|
CWE-284
Improper Access Control
|
CVE-2026-41985
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4904
|
2.4 |
LOW
Physics
|
-
|
-
|
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-41986
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4905
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen…
|
CWE-94
Code Injection
|
CVE-2026-11393
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4906
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10862
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4907
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v…
|
CWE-266 CWE-272
Incorrect Privilege Assignment Least Privilege Violation
|
CVE-2026-11620
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4908
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat…
|
CWE-284 CWE-434
Improper Access Control Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11621
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4909
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5714
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4910
|
7.2 |
HIGH
Network
|
-
|
-
|
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7556
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4911
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10024
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4912
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo…
|
CWE-352
Origin Validation Error
|
CVE-2026-10553
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4913
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-10738
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4914
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11603
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4915
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach…
|
CWE-119 CWE-416
Incorrect Access of Indexable Resource ('Range Error') Use After Free
|
CVE-2026-11623
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4916
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2026-7662
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4917
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to…
|
CWE-843
Type Confusion
|
CVE-2026-8499
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4918
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8841
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4919
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8880
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4920
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8882
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4921
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8895
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4922
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…
|
CWE-352
Origin Validation Error
|
CVE-2026-8904
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4923
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8883
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4924
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o…
|
CWE-352
Origin Validation Error
|
CVE-2026-8902
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4925
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook…
|
CWE-352
Origin Validation Error
|
CVE-2026-8907
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4926
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS…
|
CWE-352
Origin Validation Error
|
CVE-2026-8909
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4927
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function…
|
CWE-352
Origin Validation Error
|
CVE-2026-8910
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4928
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve…
|
CWE-352
Origin Validation Error
|
CVE-2026-8940
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4929
|
8.1 |
HIGH
Network
|
-
|
-
|
The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the u…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-9662
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4930
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to miss…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8977
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4931
|
7.5 |
HIGH
Network
|
-
|
-
|
The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_g…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9185
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4932
|
8.8 |
HIGH
Network
|
-
|
-
|
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str…
|
CWE-269
Improper Privilege Management
|
CVE-2026-11616
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4933
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak…
|
CWE-200
Information Exposure
|
CVE-2026-7542
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4934
|
8.8 |
HIGH
Network
|
-
|
-
|
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-8365
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4935
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8599
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4936
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8677
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4937
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi…
|
CWE-862
Missing Authorization
|
CVE-2026-4058
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4938
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"
This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to …
|
-
|
CVE-2026-46318
|
2026-06-9 22:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4939
|
8.0 |
HIGH
Network
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41723
|
2026-06-9 22:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4940
|
8.0 |
HIGH
Network
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41722
|
2026-06-9 22:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4941
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via…
|
CWE-284
Improper Access Control
|
CVE-2026-11190
|
2026-06-9 21:51 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4942
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti…
|
CWE-20
Improper Input Validation
|
CVE-2026-11189
|
2026-06-9 21:51 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4943
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11191
|
2026-06-9 21:50 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4944
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi…
|
CWE-20
Improper Input Validation
|
CVE-2026-11192
|
2026-06-9 21:49 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4945
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit…
|
CWE-284
Improper Access Control
|
CVE-2026-11193
|
2026-06-9 21:49 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4946
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/waitid: clear waitid info before copying it to userspace
IORING_OP_WAITID stores its result fields in struct io_waitid::…
|
-
|
CVE-2026-46315
|
2026-06-9 18:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4947
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-10840
|
2026-06-9 18:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4948
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HT…
|
CWE-20
Improper Input Validation
|
CVE-2026-11023
|
2026-06-9 12:08 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4949
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-11024
|
2026-06-9 12:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4950
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium securit…
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11025
|
2026-06-9 12:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|