| 1 | 9.8 | CRITICAL Network | - | - | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax… | New | CWE-287 Improper Authentication; CWE-306 Missing Authentication for Critical Function | CVE-2026-12183 | 2026-06-14 03:16 | 2026-06-14 |
| 2 | 7.6 | HIGH Network | - | - | SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x b… | New | CWE-89 SQL Injection | CVE-2026-6428 | 2026-06-14 02:16 | 2026-06-14 |
| 3 | 6.5 | MEDIUM Network | - | - | Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletio… | New | CWE-645 Overly Restrictive Account Lockout Mechanism | CVE-2026-53982 | 2026-06-13 22:16 | 2026-06-13 |
| 4 | 7.2 | HIGH Network | - | - | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and inclu… | New | CWE-79 Cross-site Scripting | CVE-2026-5513 | 2026-06-13 21:16 | 2026-06-13 |
| 5 | 4.3 | MEDIUM Network | - | - | The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode in all vers… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-1291 | 2026-06-13 19:16 | 2026-06-13 |
| 6 | - | | - | - | The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users ha… | New | CWE-346 Origin Validation Error | CVE-2026-11624 | 2026-06-13 19:16 | 2026-06-13 |
| 7 | 6.4 | MEDIUM Network | - | - | The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output esca… | New | CWE-79 Cross-site Scripting | CVE-2026-9629 | 2026-06-13 17:16 | 2026-06-13 |
| 8 | 6.4 | MEDIUM Network | - | - | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insuf… | New | CWE-79 Cross-site Scripting | CVE-2026-3297 | 2026-06-13 17:16 | 2026-06-13 |
| 9 | 4.3 | MEDIUM Network | - | - | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayer_sav… | New | CWE-863 Incorrect Authorization | CVE-2026-2470 | 2026-06-13 17:16 | 2026-06-13 |
| 10 | 6.4 | MEDIUM Network | - | - | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomple… | New | CWE-79 Cross-site Scripting | CVE-2026-9134 | 2026-06-13 16:16 | 2026-06-13 |