|
371
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4807
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla…
New
|
CWE-862
Missing Authorization
|
CVE-2026-6214
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
8.8 |
HIGH
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient fil…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6692
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
7.5 |
HIGH
Network
|
-
|
-
|
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is du…
New
|
CWE-89
SQL Injection
|
CVE-2026-4348
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
8.1 |
HIGH
Network
|
-
|
-
|
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat…
New
|
CWE-22
Path Traversal
|
CVE-2026-7252
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8004
|
2026-05-7 22:54 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
4.3 |
MEDIUM
Adjacent
|
google
|
chrome
|
Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic.…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8005
|
2026-05-7 22:54 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
8.8 |
HIGH
Network
|
redistimeseries
|
redistimeseries
|
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25588
|
2026-05-7 22:46 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
8.8 |
HIGH
Network
|
redisbloom
|
redisbloom
|
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25589
|
2026-05-7 22:44 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.5 |
HIGH
Network
|
owasp
|
modsecurity
|
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-30923
|
2026-05-7 22:41 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
