|
1311
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title …
|
CWE-79
Cross-site Scripting
|
CVE-2019-25744
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25743
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25742
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
5.4 |
MEDIUM
Network
|
-
|
-
|
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25739
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-10 11:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
- |
|
-
|
-
|
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain…
|
CWE-74
Injection
|
CVE-2026-46546
|
2026-06-10 10:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
- |
|
-
|
-
|
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a sta…
|
CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-44634
|
2026-06-10 10:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
4.3 |
MEDIUM
Network
|
-
|
-
|
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53675
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
7.1 |
HIGH
Network
|
-
|
-
|
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-53674
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
