|
831
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.
This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.…
|
CWE-352
Origin Validation Error
|
CVE-2022-47150
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Contact Form &…
|
CWE-862
Missing Authorization
|
CVE-2023-25969
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MetroStore: from n/a through 1.3.2.
|
CWE-862
Missing Authorization
|
CVE-2023-32959
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
6.1 |
MEDIUM
Network
|
-
|
-
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …
|
CWE-79
Cross-site Scripting
|
CVE-2026-46642
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
8.1 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver …
|
CWE-22
CWE-697
Path Traversal
Incorrect Comparison
|
CVE-2026-45569
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
8.1 |
HIGH
Network
|
-
|
-
|
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…
|
CWE-20
CWE-176
CWE-178
Improper Input Validation
Improper Handling of Unicode Encoding
Improper Handling of Case Sensitivity
|
CVE-2026-45062
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c…
|
CWE-89
SQL Injection
|
CVE-2026-52758
|
2026-06-11 22:58 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48306
|
2026-06-11 22:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48305
|
2026-06-11 22:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34710
|
2026-06-11 22:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
