|
471
|
8.1 |
HIGH
Network
|
qnap
|
file_station
|
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-24724
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.
This issue affects Product Filter …
New
|
CWE-89
SQL Injection
|
CVE-2026-39494
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.
This issue affects JoomSport: from n/a through 5.7…
New
|
CWE-89
SQL Injection
|
CVE-2026-42647
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS.
This issue affects SliceWP: from n/a through 1.2.6.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42653
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.
This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-49060
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and including, 4.2.0 This …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9125
|
2026-06-12 22:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
8.8 |
HIGH
Network
|
-
|
-
|
Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security sev…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-12018
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
- |
|
-
|
-
|
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-12026
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
- |
|
-
|
-
|
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB)
external entity res…
New
|
CWE-611
XXE
|
CVE-2026-49875
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
- |
|
-
|
-
|
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replay…
New
|
CWE-289
Authentication Bypass by Alternate Name
|
CVE-2026-50627
|
2026-06-12 22:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
