|
11
|
7.2 |
HIGH
Network
|
-
|
-
|
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9109
|
2026-06-13 16:16 |
2026-06-13 |
12
|
- |
|
-
|
-
|
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from…
New
|
-
|
CVE-2026-9062
|
2026-06-13 16:16 |
2026-06-13 |
13
|
- |
|
-
|
-
|
The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, all…
New
|
-
|
CVE-2026-9061
|
2026-06-13 16:16 |
2026-06-13 |
14
|
- |
|
-
|
-
|
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.
### S…
New
|
-
|
CVE-2026-11769
|
2026-06-13 15:16 |
2026-06-13 |
15
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.
The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versi…
New
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-9641
|
2026-06-13 13:17 |
2026-06-13 |
16
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter t…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-49973
|
2026-06-13 13:17 |
2026-06-12 |
17
|
7.1 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-49396
|
2026-06-13 13:17 |
2026-06-13 |
18
|
7.7 |
HIGH
Network
|
-
|
-
|
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47260
|
2026-06-13 13:17 |
2026-06-13 |
19
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can…
New
|
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-863: Incorrect Authorization
|
CVE-2026-47238
|
2026-06-13 13:17 |
2026-06-12 |
20
|
5.4 |
MEDIUM
Network
|
-
|
-
|
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) v…
New
|
CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound
|
CVE-2026-47223
|
2026-06-13 13:17 |
2026-06-13 |