|
811
|
5.4 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6269
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
812
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into…
|
CWE-352
Origin Validation Error
|
CVE-2026-53736
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
813
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes …
|
CWE-79
Cross-site Scripting
|
CVE-2026-53737
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
814
|
8.1 |
HIGH
Network
|
-
|
-
|
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite p…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53738
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
815
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authe…
|
CWE-352
Origin Validation Error
|
CVE-2026-53739
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
816
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to exec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53740
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
817
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload …
|
CWE-79
Cross-site Scripting
|
CVE-2026-53741
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
818
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53742
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
819
|
7.5 |
HIGH
Network
|
-
|
-
|
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-10142
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
820
|
7.5 |
HIGH
Network
|
-
|
-
|
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supp…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-10143
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
