|
681
|
10.0 |
CRITICAL
Network
|
-
|
-
|
UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in t…
New
|
CWE-287
CWE-303
Improper Authentication
Incorrect Implementation of Authentication Algorithm
|
CVE-2026-46389
|
2026-06-6 04:21 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a…
New
|
CWE-285
Improper Authorization
|
CVE-2026-10580
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46390
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-46396
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…
New
|
CWE-78
OS Command
|
CVE-2026-46394
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and includ…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5411
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and includ…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-5415
|
2026-06-6 04:20 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename …
New
|
CWE-78
OS Command
|
CVE-2026-49492
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A…
New
|
CWE-94
Code Injection
|
CVE-2026-49493
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - th…
New
|
CWE-95
Eval Injection
|
CVE-2026-50733
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
