|
1501
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.
This issue affects YITH WooCommerce Product Slider Carousel: from …
|
CWE-352
Origin Validation Error
|
CVE-2022-44630
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1502
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Advanced AJAX Product Filter…
|
CWE-862
Missing Authorization
|
CVE-2022-45813
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1503
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.
This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.…
|
CWE-352
Origin Validation Error
|
CVE-2022-47150
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1504
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Contact Form &…
|
CWE-862
Missing Authorization
|
CVE-2023-25969
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1505
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MetroStore: from n/a through 1.3.2.
|
CWE-862
Missing Authorization
|
CVE-2023-32959
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1506
|
8.1 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver …
|
CWE-22
CWE-697
Path Traversal
Incorrect Comparison
|
CVE-2026-45569
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1507
|
8.1 |
HIGH
Network
|
-
|
-
|
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…
|
CWE-20
CWE-176
CWE-178
Improper Input Validation
Improper Handling of Unicode Encoding
Improper Handling of Case Sensitivity
|
CVE-2026-45062
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1508
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c…
|
CWE-89
SQL Injection
|
CVE-2026-52758
|
2026-06-11 22:58 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1509
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48306
|
2026-06-11 22:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1510
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48305
|
2026-06-11 22:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
