|
831
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8613
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8853
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9019
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
7.5 |
HIGH
Network
|
-
|
-
|
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the use…
New
|
CWE-89
SQL Injection
|
CVE-2026-3018
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.
This issue affects WPZOOM Portfolio: from n/a through 1.4…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-49069
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11689
|
2026-06-11 03:35 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Hig…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11666
|
2026-06-11 03:31 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cra…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11658
|
2026-06-11 03:30 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-11653
|
2026-06-11 03:29 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
5.5 |
MEDIUM
Local
|
cilium
|
ebpf
|
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul…
Update
|
CWE-189
CWE-190
Numeric Errors
Integer Overflow or Wraparound
|
CVE-2026-10722
|
2026-06-11 03:28 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
