|
1391
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c…
|
CWE-79
Cross-site Scripting
|
CVE-2023-54351
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54352
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58348
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58349
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3238
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11569
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
7.4 |
HIGH
Network
|
-
|
-
|
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-50752
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
- |
|
-
|
-
|
## Summary
The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C…
|
CWE-20
Improper Input Validation
|
CVE-2026-47430
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
3.8 |
LOW
Network
|
-
|
-
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si…
|
CWE-73
External Control of File Name or Path
|
CVE-2025-12656
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…
|
CWE-862
Missing Authorization
|
CVE-2026-7523
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
