|
591
|
4.3 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause den…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-10733
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1500
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
593
|
3.1 |
LOW
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3553
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
- |
|
-
|
-
|
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potent…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4764
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
5.4 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6269
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-53736
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53737
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
8.1 |
HIGH
Network
|
-
|
-
|
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite p…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-53738
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authe…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-53739
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to exec…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53740
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
