|
471
|
7.3 |
HIGH
Local
|
-
|
-
|
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (e…
New
|
CWE-78
OS Command
|
CVE-2026-11417
|
2026-06-11 03:35 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all v…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-8444
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8613
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8853
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9019
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly rest…
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-6254
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
7.5 |
HIGH
Network
|
-
|
-
|
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the use…
New
|
CWE-89
SQL Injection
|
CVE-2026-3018
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.
This issue affects WPZOOM Portfolio: from n/a through 1.4…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-49069
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11689
|
2026-06-11 03:35 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Hig…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11666
|
2026-06-11 03:31 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
