|
3211
|
9.3 |
CRITICAL
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` pr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44990
|
2026-06-15 23:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3212
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34023
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3213
|
- |
|
-
|
-
|
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-34022
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3214
|
- |
|
-
|
-
|
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-34021
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3215
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects MasterStudy LMS Pro: from n/a before 4.7…
|
CWE-862
Missing Authorization
|
CVE-2025-64215
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3216
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' param…
|
CWE-89
SQL Injection
|
CVE-2019-25746
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3217
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25437
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3218
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-p…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-25436
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3219
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site …
|
CWE-79
Cross-site Scripting
|
CVE-2016-20084
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3220
|
5.3 |
MEDIUM
Network
|
-
|
-
|
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft mali…
|
CWE-352
Origin Validation Error
|
CVE-2016-20083
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
