|
921
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise
When user provides a bogus pat_index value through th…
New
|
-
|
CVE-2026-43280
|
2026-05-6 22:07 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all ver…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3208
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5753
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in al…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2306
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6672
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
7.2 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7448
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNo…
New
|
CWE-22
Path Traversal
|
CVE-2026-6344
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
7.2 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7332
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7457
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
7.5 |
HIGH
Network
|
-
|
-
|
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su…
New
|
CWE-89
SQL Injection
|
CVE-2026-1719
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
