|
571
|
- |
|
-
|
-
|
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation.
comrak_nif::lumis_ada…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-53428
|
2026-06-30 05:17 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown.
…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53427
|
2026-06-30 05:17 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author functi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4610
|
2026-06-30 05:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
6.2 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no r…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-13757
|
2026-06-30 05:17 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-57700. Reason: This candidate is a reservation duplicate of CVE-2026-57700. Notes: All CVE users should reference …
New
|
-
|
CVE-2026-13008
|
2026-06-30 05:17 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to …
Update
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-12417
|
2026-06-30 05:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
7.5 |
HIGH
Network
|
-
|
-
|
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping…
Update
|
CWE-89
SQL Injection
|
CVE-2026-12077
|
2026-06-30 05:17 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. This makes it possible for authenticated a…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-11370
|
2026-06-30 05:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty cus…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-50745
|
2026-06-30 05:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
2.5 |
LOW
Local
|
gnu
|
libidn
|
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-57053
|
2026-06-30 04:40 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|