|
2011
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58348
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2012
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58349
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2013
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3238
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2014
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11569
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2015
|
- |
|
-
|
-
|
## Summary
The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C…
|
CWE-20
Improper Input Validation
|
CVE-2026-47430
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2016
|
7.4 |
HIGH
Network
|
-
|
-
|
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-50752
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2017
|
3.8 |
LOW
Network
|
-
|
-
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si…
|
CWE-73
External Control of File Name or Path
|
CVE-2025-12656
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2018
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…
|
CWE-862
Missing Authorization
|
CVE-2026-7523
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2019
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi…
|
CWE-22
Path Traversal
|
CVE-2026-9290
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2020
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missin…
|
CWE-352
Origin Validation Error
|
CVE-2026-9719
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
